很難找到比第一資本更積極使用所謂“公共云”的公司。按營收計算，第一資本排名美國第七大銀行，多年來一直在逐步縮減其數(shù)據(jù)中心，利用亞馬遜網(wǎng)絡(luò)服務(wù)隨時可用的資源計算和存儲數(shù)據(jù)。2014年第一資本有八個數(shù)據(jù)中心，計劃到2020年底縮減到一個也不剩。但在影響到1.06億北美人的數(shù)據(jù)泄露事件發(fā)生以后，人們開始質(zhì)疑第一資本的故事是否在警示網(wǎng)絡(luò)安全。

據(jù)說，一名黑客利用“配置錯誤的防火墻”攻破了第一資本的系統(tǒng)，基本上就相當(dāng)于小偷從敞開的門溜進去。第一資本和亞馬遜都強調(diào)稱：“此類漏洞不只云技術(shù)才有?！?/p>

但是，初創(chuàng)公司Cloudflare的安全經(jīng)理埃文·約翰遜等專家表示，亞馬遜網(wǎng)絡(luò)服務(wù)的技術(shù)設(shè)置導(dǎo)致黑客入侵的后果“嚴(yán)重得多”。約翰遜稱，亞馬遜網(wǎng)絡(luò)服務(wù)特別容易受到“服務(wù)器端虛假請求”的影響，即黑客欺騙服務(wù)器接受錯誤連接，從而實現(xiàn)數(shù)據(jù)竊取。應(yīng)該采取更好的風(fēng)險減輕措施，他說道。

盡管第一資本的因數(shù)據(jù)泄露案而備受批評，但這“并不能夠證明應(yīng)用云技術(shù)有錯”，技術(shù)和市場研究公司Forrester的副總裁格倫·奧唐奈說道，“該案例證明的是，從安全和治理的角度來看，必須采取正確的控制措施。”

AT&T的前首席安全官埃德·阿莫羅索也認(rèn)為，對于大多數(shù)企業(yè)而言，與其自行管理基礎(chǔ)設(shè)施，還是全盤轉(zhuǎn)向云服務(wù)更加安全：“不能苛求‘完美’，要跟‘自行管理’的成本比較?！保ㄘ敻恢形木W(wǎng)）

本文另一版本登載于《財富》雜志2019年9月刊，標(biāo)題是《第一資本遭到攻擊》。

譯者：艾倫

審校：夏林

You’d be hard-pressed to find a company more committed to using the so-called public cloud than Capital One. America’s seventh-?biggest bank by revenue has spent years winding down its data centers—from eight in 2014 to zero planned by the end of 2020—and relying on the on-tap resources of Amazon Web Services for computing and data storage. But now, in the wake of a data breach affecting 106 million North Americans, people are questioning whether Capital One represents a cybersecurity cautionary tale.

To burrow inside Capital One’s systems, a hacker supposedly exploited a “misconfigured firewall.” Basically, the thief snuck in an open door. Both Capital One and Amazon stressed that “this type of vulnerability is not specific to the cloud.”

Yet some ?experts, such as Evan Johnson, a security manager at startup Cloudflare, say AWS’s technical setup made the breach “much worse.” AWS is particularly susceptible to “server side request forgery,” Johnson says, in which a hacker tricks a server into connecting where it shouldn’t, enabling data theft. Better mitigations ought to be in place, he says.

Despite the criticism, Capital One’s breach “doesn’t prove the cloud is wrong,” says Glenn O’Donnell, a Forrester VP. “What it does prove is you have to have the right controls in place from a security and governance perspective.”

Ed Amoroso, ex–chief security officer for AT&T, agrees that for most businesses, off-loading infrastructure to the cloud remains safer than managing one’s own: “You have to compare not against ‘perfect’ but against ‘on premises.’”

A version of this article appears in the September 2019 issue of Fortune with the headline “Capital Offense.”