Dive Brief:
- Capital One is still "all in" on its cloud computing strategy, CFO Scott Blackley said Tuesday at an investor conference in New York. The comments mirror those made by Bernard Golden, the bank’s vice president of cloud strategy, last November, months before the data breach that exposed 106 million customers’ personal data.
- The company is continuing with its plan to shut down all of its data centers by the end of next year, Blackley said.
- "We don't start using a service just because it's announced and it's cool," Golden told TechRepublic after last November's Amazon Web Services re:Invent conference. Capital One is adopting the public cloud through Amazon Web Services. "We start using it when we are sure we can meet security and other commitments we have internally," Golden said.
Dive Insight:
A number of firms opt for a private cloud, where assets are protected by internal firewalls. Capital One chose its strategy because a cloud company could update its security technology far faster than a financial services company, allowing Capital One to focus on consolidating its data centers and rewriting its applications to fit.
Lauren Nelson, a principal analyst at Forrester, called Capital One's 2015 shift toward a public cloud a "bold claim in the market." Not many companies take that type migration approach today, and "none of those are financial services companies," Nelson told CIO Dive last year.
"We are comfortable that our journey to the cloud continues to be the right strategic move for the company," Blackley said Tuesday. Capital One will need to improve its cyber defenses and has retained outside experts to help conduct an internal review, he added.
Paige Thompson, a former Amazon Web Services employee, has pleaded not guilty to charges of computer fraud and abuse in the breach that was publicized in July. An improperly configured firewall allegedly allowed Thompson to access Capital One customers' data.
"While this incident was regrettable, I do think that we’re going to find that we have a number of learnings that are going to make us a stronger and safer environment for data in the future," Blackley said, adding that the "vulnerability" exposed by the breach would still have been a risk if the customer data was held at data centers.
Capital One's position that it's "all in" on its cloud strategy has served as somewhat of a company mantra.
"All in means all in," Golden told TechRepublic in December, adding that adopting cloud-native practices will disrupt, lead and force transformation in the financial services industry.
Failure to adapt leaves "traditional companies with no hopes of catching up," Golden said. The choice is between "surfing the cloud-native wave or […] being inundated by it," he said.
Still, other financial services executives are advocating a more risk-averse approach.
Discover Financial Services CEO Roger Hochschild said Monday at the investor conference that his company is adopting a "hybrid" cloud solution, according to American Banker.
"I think we might be a little more cautious than some others in terms of our overall architecture," he said.