What Effect Will the Epsilon Data Theft have on Cloud Computing?
There’s no denying that security remains the prime concern that’s causing people to think twice before migrating to the cloud. While the benefits of cloud computing far outweigh the potential problems, even security, the fact remains that unless such concerns are eliminated, adoption of cloud computing will continue to be hampered (See: Is Cloud Computing Secure? Yes another Perspective).
In this light, the recent data breach at consumer marketing firm Epsilon will definitely hold back the march of cloud computing across enterprises. If you are a customer of any one or more of the following companies or institutions – Best Buy, Ethan Allen, Marriott, Walgreens, Target, JPMorgan Chase, TiVo, Capital One Financial, Marks & Spencer, Lacoste, Kroger, Disney and AbeBooks – you may already be aware of the problem in hand courtesy apologetic mails sent by the aforementioned companies.
If you are not, here’s the background to the matter under discussion. Epsilon is a marketing firm that manages email communications for a host of companies, sending out 40 billion e-mails every year. On 1 April it released a statement that it had detected an “unauthorized entry” into its system on 30 March that exposed customer names and e-mail addresses. The company said “no other personal identifiable information associated with those names was at risk.” On 4 April, Epsilon said that the breach affected “approximately 2 percent of total clients.”
Epsilon’s initial announcement was quickly followed by mails from the affected companies trying to reassure customers about their commitment to data security and privacy, while at the same time warning them about possible spam and phishing mails. However, one of the main questions troubling cloud computing enthusiasts is how this will affect the nascent technology.
For better or worse, Epsilon is recognized as a company that uses cloud computing. Hence, a security breach at Epsilon is akin to a blow on the reputation of cloud computing. While it may not be a critical blow, it’s a hard one nevertheless. Even if people are unaware of the cloud computing angle, the trend of outsourcing capabilities (as with cloud computing) may itself come under threat. So cloud computing gets hurt, one way or the other.
While it’s wrong to use isolated incidents as excuse to disparage cloud computing, a topic I had discussed earlier (See: Gmail Outage – Is Cloud Computing To Blame?), CTOs and customers will become wary of this new technology. As an analyst put it, “the multi-tenant environment of cloud services means that a breach into one system can give hackers a multitude of data. The Epsilon breach reignites concerns about the security of this environment.”
What aggravates this problem is the wide range of companies affected. While many of them may have been contemplating moving to the cloud in the near future or even taken the first few steps in that direction, this incident will give them pause. While emails themselves may not be as sensitive as financial information, the damage to reputation will still be quite severe – both for the companies and Epsilon.
For the cloud computing industry, the best way to counter this is to use it as a learning experience and come up with industry best practices to address security concerns. The Epsilon breach may not end up ending cloud computing, but it has certainly shaken it up good and proper.
By Sourya Biswas