Even after breach, Capital One is 'all in' on the cloud

Capital One Financial remains fully committed to its cloud computing strategy in the wake of a hacking incident that resulted in the compromise of personal data on more than 100 million people.

“We’re all in on the cloud,” Capital One Chief Financial Officer Scott Blackley said at an investor conference Tuesday, repeating a mantra that company executives began using before the data breach.

Blackley confirmed that that the McLean, Va., company still expects to shut down all of its data centers by the end of next year. Capital One discussed that plan back in April, roughly three months before the breach was uncovered, as part of its switch to the public cloud.

Outside a Capital One cafe.

“We are comfortable that our journey to the cloud continues to be the right strategic move for the company,” Blackley said Tuesday in remarks at a conference in New York organized by Barclays.

“While this incident was regrettable, I do think that we’re going to find that we have a number of learnings that are going to make us a stronger and safer environment for data in the future.”

Paige Thompson, a former Amazon employee, was arrested in July for allegedly hacking Capital One’s customer data. She has pleaded not guilty. Capital One uses Amazon Web Services, a subsidiary of the Seattle-based tech giant that offers cloud computing services.

While much of Capital One’s most sensitive customer data was protection as a result of tokenization, roughly 140,000 Social Security numbers were exposed, as were 80,000 bank account numbers. Capital One has said that it believes it is unlikely that the information was used for fraud.

At an investor conference Tuesday hosted by Barclays, Blackley acknowledged that Capital One will need to improve its cyberdefenses, and he said that the company has brought in outside experts to help conduct an internal review.

But he maintained that the weakness exposed by the breach — what the company has described as a “specific configuration vulnerability” — could have happened if the customer data was being held at data centers.

“This really was not a circumstance that was specific to the cloud,” Blackley said in response to a question about whether there’s a risk in outsourcing customer data.

He added: “I think it just suggests that when you’re in the cloud, it’s a broader target. There’s more people on the cloud, so you’ve got to be really thoughtful about your defenses.”

Capital One has embraced cloud computing more fully than many other large banks. Speaking at the same conference on Monday, Discover Financial Services CEO Roger Hochschild said that his firm is pursuing what he called a “hybrid” cloud solution.

“I think we might be a little more cautious than some others in terms of our overall architecture,” Hochschild said.

For reprint and licensing requests for this article, click here.
Cyber security Cloud computing Customer data Data breaches Capital One
MORE FROM AMERICAN BANKER