Coke’s Internal Data Breach – Lessons Learned

Coke’s Internal Data Breach

Last Friday, Coke announced that sensitive information belonging to roughly 70,000 current and former North American employees was compromised because the data hadn’t been encrypted on company laptops (despite their company encryption policy.)1 The data breach occurred after a former worker stole several company laptops that locally stored employee information, such as social security and driver’s license numbers.

We’ve heard a lot about security breaches lately (Target and Neiman Marcus come to mind), but cases like Coke’s – a major breach of workers’ personal information – happen more than we realize. How can large and small companies alike learn from Coke’s recent internal breach? And what steps can we take to avoid ever experiencing an internal security breach ourselves?

The answer lies in the cloud. Simply put, cloud-stored data offers a highly secure alternative to locally-stored data. When sensitive information is no longer stored on devices that are regularly available to employees and the occasional passersby, the chances of that data being compromised drastically decreases. Cloud-stored data, generally speaking, can be accessed via remote devices over encrypted connections and do not require downloading to a local device. Local devices can enable data encryption, of course, and that certainly lowers theft and data breach risks, but by avoiding housing data locally altogether, consistent and thorough security can truly be maintained.

Another example of the perils of locally-stored data comes to mind right about now. One of the largest settlements for violating the Health Insurance Portability and Accountability Act (HIPAA) occurred when an Alaska Department of Health and Social Services employee left a portable hard drive containing the personal health information of thousands of patients in their car. It wasn’t long before the employee realized that the hard drive had been stolen. This security breach cost DHSS $1.7 million, and could have been entirely avoided if DHSS had stored its sensitive data off-premise and in the cloud.

Internal Security Measures

It may feel counterintuitive to move sensitive data farther away from you, in an effort to increase your internal security measures. But the fact is cloud hosting providers have extensive experience developing powerful safeguards and monitoring systems such as firewalls, intrusion protection systems, file integrity monitoring systems, encryption algorithms and virtual private networks. Given their decades of experience in managing large datacenters, cloud providers are well accustomed to properly disposing hard drives and backup devices. (In fact, secure data deconstruction has long been a crucial and appealing feature of cloud service providers.) Vulnerability scans serve as another crucial security asset offered by cloud providers, and allow organizations to detect disabled firewalls or any other potential security holes.

From vulnerability scans, to proper data destruction, to a central and secure ‘home’ for sensitive, internal data, cloud providers truly offer the utmost in security and can serve as trusted advisors for mitigating internal data breaches. Rather than joining the growing list of organizations, like Coke, who’ve had to overcome internal security breaches, lets all look to the cloud to maintain consistent and thorough security, both inside and out.

By Scott Walters, Director of Security at INetU


Scott is the Director of Security for hybrid-cloud hosting provider INetU and has been instrumental in shaping the Company’s client services department, which provides customer onboarding and lifecycle support. Under his tenure as director of client services, Walters expanded the department to meet customer needs as the company introduced new cloud products, enhanced service levels for enterprise customers and most recently released the robust INetU Security Suite.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

Syndicated Technology News

email as a service

Cloudflare Collaborates with Google Cloud to Fund Developer Innovation

Collaboration Offers Developers $100,000 in Cloud Platform Credits SAN FRANCISCO, Sept. 19, 2017 (GLOBE NEWSWIRE) — Cloudflare, the leading Internet performance and security company, is collaborating with Google Cloud to help support developer innovation on the Cloudflare Apps Platform. Starting today,…

2017 Ponemon Institute Study Finds SMBs are a Huge Target for Hackers

Negligent Employees and Poor Password Policies are the Weakest Links Negligent employees are the #1 root cause behind data breaches across North America and the UK Ransomware is hitting SMBs hard with more than 50% experiencing an attack Attacks are becoming costlier…

Hackers compromised free CCleaner software, Avast’s Piriform says

Hackers compromised free CCleaner software SAN FRANCISCO (Reuters) – Hackers broke into British company Piriform’s free software for optimizing computer performance last month potentially allowing them to control the devices of more than two million users, the company and independent…