What Effect Will the Epsilon Data Theft have on Cloud Computing?

What Effect Will the Epsilon Data Theft have on Cloud Computing?

There’s no denying that security remains the prime concern that’s causing people to think twice before migrating to the cloud. While the benefits of cloud computing far outweigh the potential problems, even security, the fact remains that unless such concerns are eliminated, adoption of cloud computing will continue to be hampered (See: Is Cloud Computing Secure? Yes another Perspective).

In this light, the recent data breach at consumer marketing firm Epsilon will definitely hold back the march of cloud computing across enterprises. If you are a customer of any one or more of the following companies or institutions – Best Buy, Ethan Allen, Marriott, Walgreens, Target, JPMorgan Chase, TiVo, Capital One Financial, Marks & Spencer, Lacoste, Kroger, Disney and AbeBooks – you may already be aware of the problem in hand courtesy apologetic mails sent by the aforementioned companies.

If you are not, here’s the background to the matter under discussion. Epsilon is a marketing firm that manages email communications for a host of companies, sending out 40 billion e-mails every year. On 1 April it released a statement that it had detected an “unauthorized entry” into its system on 30 March that exposed customer names and e-mail addresses. The company said “no other personal identifiable information associated with those names was at risk.” On 4 April, Epsilon said that the breach affected “approximately 2 percent of total clients.”

Epsilon’s initial announcement was quickly followed by mails from the affected companies trying to reassure customers about their commitment to data security and privacy, while at the same time warning them about possible spam and phishing mails. However, one of the main questions troubling cloud computing enthusiasts is how this will affect the nascent technology.

For better or worse, Epsilon is recognized as a company that uses cloud computing. Hence, a security breach at Epsilon is akin to a blow on the reputation of cloud computing. While it may not be a critical blow, it’s a hard one nevertheless. Even if people are unaware of the cloud computing angle, the trend of outsourcing capabilities (as with cloud computing) may itself come under threat. So cloud computing gets hurt, one way or the other.

While it’s wrong to use isolated incidents as excuse to disparage cloud computing, a topic I had discussed earlier (See: Gmail Outage – Is Cloud Computing To Blame?), CTOs and customers will become wary of this new technology. As an analyst put it, “the multi-tenant environment of cloud services means that a breach into one system can give hackers a multitude of data. The Epsilon breach reignites concerns about the security of this environment.”

What aggravates this problem is the wide range of companies affected. While many of them may have been contemplating moving to the cloud in the near future or even taken the first few steps in that direction, this incident will give them pause. While emails themselves may not be as sensitive as financial information, the damage to reputation will still be quite severe – both for the companies and Epsilon.

For the cloud computing industry, the best way to counter this is to use it as a learning experience and come up with industry best practices to address security concerns. The Epsilon breach may not end up ending cloud computing, but it has certainly shaken it up good and proper.

By Sourya Biswas

sourya

Sourya Biswas is a former risk analyst who has worked with several financial organizations of international repute, besides being a freelance journalist with several articles published online. After 6 years of work, he has decided to pursue further studies at the University of Notre Dame, where he has completed his MBA. He holds a Bachelors in Engineering from the Indian Institute of Information Technology. He is also a member of high-IQ organizations Mensa and Triple Nine Society and has been a prolific writer to CloudTweaks over the years... http://www.cloudtweaks.com/author/sourya/

3 Responses to What Effect Will the Epsilon Data Theft have on Cloud Computing?

  1. Excellent article. Also, Google to “The Business-Technology Weave.” That author has a great post about the Epsilon breach too, as well as lots of great security articles. He’s the author of “I.T. Wars: Managing the Business-Technology Weave in the New Millennium.” We use the book at work – my copy is dogeared and highlighted to death! Check out the blog for sure – great stuff.

  2. As always I can only advocate to use encryption as a layer of separation. As other recent data thefts (e.g. WordPress, EMC, Microsoft BPOS) are showing, cloud vendors should really invest into higher security – it´s for the benefit of all cloud service providers.

  3. We’ve used the Epsilon breach as an opportunity to confirm with our customers the methods in place to protect their environments. With Epsilon, it isn’t known (at least that we’ve seen) that the breach was from an external Internet based hack. As you know, the most effective breaches are from inside organizations and it’s a great time to review everyone’s external as well as internal controls.

    We continue to see dramatic growth in moving customers to a completely hosted solution. With exposures so high for smaller companies, moving their environments to secure SAS70 data centers with all the controls in place, are huge upgrades that they’d never be able to afford by themselves.

    Thanks,
    Bill Sorenson
    CEO IVDesk
    http://www.IVDesk.com