How do customers prevent a Capital One-type breach? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.
Answer by Clay Magouyrk, SVP of Engineering, Oracle Cloud Infrastructure, on Quora:
There are still too many IT systems that haven’t been properly updated to defend against new cyber threats. The first question IT needs to ask themselves is – is my data in the cloud, and if so, how was the cloud built? Was it built from the ground up with security as its primary architectural objective, or was security bolted on at a point in the process? More specifically, is there a barrier of isolation between the cloud vendor’s control code and the customer’s data? That’s how our cloud works at Oracle – no customer data can affect our control code.
The second question you have to ask is – to what extent is my cloud relying on humans to keep data secure? In a study released earlier this year by Oracle, we found that C-Suite executives and policymakers rank “human error” as the top cybersecurity risk in their organizations. That’s why our cloud is autonomous. It’s powered by the world’s first autonomous database, which in my view is one of the most important advancements in helping businesses and governments protect themselves from outside security threats. When a database employs technology that is designed to be self-repairing, self-tuning and self-patching, it greatly reduces the risk of human error. And today, our autonomous database runs on the world’s first autonomous OS, also made by Oracle. Autonomous Linux eliminates complexity and manual management, again reducing human error in the process. Instead, it offers more robust continuous threat monitoring and exploit detection controls in an automated environment.
Another important and easy-to-achieve step is to always use encryption when the situation calls for it, especially in backups (our understanding is that some of the data that was accessed in the Capital One data breach was backup copies of databases).
Lastly, I would say to only use systems that can collect, monitor and analyze actions by users and APIs, looking for anomalies or outliers that may be early signs of an attack. In the Capital One breach, we believe there were executions of commands that were very out of place because they weren’t ever used. This is where cloud customers gain another advantage – cloud providers are the ones looking after this level of security monitoring. Our cloud infrastructure, for example, has a secure-by-design approach intended to automate security with always-on secure configurations.
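As an added illustration of the monitoring point in the answer above (not part of the original answer and not any vendor's implementation), the following Python example builds a per-principal baseline of actions from audit records and flags the first use of an action a principal has never used before. The log format, principal names and action names are constructed for the example.

```python
from collections import defaultdict

# Constructed audit records: "<timestamp> <principal> <action>" (hypothetical format).
BASELINE_LOG = """\
2024-01-01T10:00:00Z role/web-app object.get
2024-01-01T10:00:05Z role/web-app object.put
2024-01-02T02:00:00Z role/backup-job bucket.list
2024-01-02T02:00:09Z role/backup-job object.get
"""
RECENT_LOG = """\
2024-01-22T14:01:00Z role/web-app object.get
2024-01-22T14:02:10Z role/web-app bucket.list
2024-01-22T14:02:30Z role/web-app bucket.export
2024-01-22T14:02:31Z role/web-app bucket.export
"""

def parse(log):
    """Yield (timestamp, principal, action) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield tuple(parts)

def build_baseline(log):
    """Map each principal to the set of actions it used in the baseline window."""
    per_principal = defaultdict(set)
    for _, principal, action in parse(log):
        per_principal[principal].add(action)
    return per_principal

def find_outliers(baseline, log):
    """Report the first use of any action a principal never used in the baseline.

    Severity is "high" when no principal used the action in the baseline,
    "medium" when other principals did but this one did not.
    """
    known_anywhere = set().union(*baseline.values())
    alerted, alerts = set(), []
    for ts, principal, action in parse(log):
        key = (principal, action)
        if action in baseline.get(principal, set()) or key in alerted:
            continue  # expected behaviour, or already reported once
        alerted.add(key)
        severity = "medium" if action in known_anywhere else "high"
        alerts.append((ts, principal, action, severity))
    return alerts

if __name__ == "__main__":
    for alert in find_outliers(build_baseline(BASELINE_LOG), RECENT_LOG):
        print(*alert)
```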