cloud edorsement

What Forecasts Of Data Breaches Should Spell To Cloud Security Practitioners

Cloud Security Practitioners And Auditors

Today we have seen relatively few data breaches in the cloud despite its growing use for mission-critical workloads. However, as cloud increasingly becomes the backend for our mobile devices, for the Internet of Things (IoT) and for other daily life functions, we can safely predict that hackers will set their sights on such troves of personal data.

This year’s data breaches have been characterized by massive exposures of personal information and identities. With the Internet of Things’ devices introducing streams of data that are far more personal and intimate than the current digital economy and those streams providing increased pathways to the cloud, it makes cloud an increasingly attractive target for data breaches.

Have We Become Too Trusting Of The Cloud?

Though cloud is recognized as a different paradigm to en premise security, it seems that many of the same security standards and frameworks still apply. Auditing practices and toolsets in the cloud are still immature compared to their enterprise counterparts and lack of visibility across the entire stack is still a challenge for most cloud consuming organizations. Additionally, the “castles in the cloud” syndrome still applies with many cloud providers taking the approach of fortifying their environment but not focusing on the different types of data being transacted on or traveling to and from their clouds.

Compliance Does Not Necessarily Equal Trustworthiness

Many of the standards and regulations that today’s cloud providers and cloud consuming organization have to abide by are largely focused on assessing capabilities to process and store information – they don’t guarantee the safety or trustworthiness of your data in the cloud. Trust is the key factor! Just as warning labels don’t’ make you safer – for example, you could still get hurt even though your car may come with warnings for seat belt usage – compliance certification doesn’t protect your data. Compliance and certification implies that the provider, the consumer or both have a well-controlled environment. The focus should be much more on the data, its access and its usage.

Focusing On What Really Matters To Build Consumer Trust

 

Cloud providers and cloud consuming organizations have the opportunity to put in place stronger data protection measures that align to today’s business and personal usage contexts. Security practitioners and auditors need to be able to talk about data protection in business consumable terms so that developers and business leaders can understand which types of data they need to especially focus protection measures on. It’s this rather than having a secure and compliant infrastructure that will help retain consumer trust in the long term and potentially help mitigate data breaches in the future.

Data classification schemes are going to have to be based on a variety of contextual measures and on different levels of personal and privacy-related data given our highly digitized personal and business futures. There won’t be any one scheme that will apply universally and it will need an industry-wide approach to ensure a cohesive strategy. If we don’t start focusing in this direction now, we will face even more egregious data exposures in the not so far future.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.

No posts found.

SPONSORS

Ransomware's Great Lessons

Ransomware’s Great Lessons

Ransomware The vision is chilling. It's another busy day. An employee arrives and logs on to the network only to ...

Cloud Community Supporters

(ISC)²
AWS
HPE
CA Technologies
Cisco

Cloud community support comes from sponsorship, service opportunities and collaborative network partnership initiatives.

Greetings from Atlanta – a City Held Hostage

Greetings from Atlanta – a City Held Hostage

What’s it like to live in a city under cyber siege? It’s surprisingly calm. The taps run, trash is collected, 911 works and planes land and takeoff. That’s what is scary. Live in Atlanta where ransomware has locked out city officials, employees and constituents from
Have You Spotted the Turn?

Have You Spotted the Turn?

You are hammered to be ready for the latest technologies. But all of them have lifecycles. It is just as important to identify when they’re diminishing, maybe even dying. Look for the turn or risk a millstone around your neck. They seem like they will

"Top 100 Brand Influencer, Cloud”
-ONALYTICA

"Best Cloud Computing Blog"
-SYSADMIN MAGAZINE

"Top 10 Sites For Cloud Computing"
-DIGITALISTMAG SAP

"Top 10 Cloud Computing Blogs”
-MARKETING ENVY

"Top 25 Must Read Cloud Blogs"
-CLOUDENDURE