October 13, 2015

What Data Breaches Should Spell To Security Practitioners

By Evelyn de Souza

Cloud Security Practitioners And Auditors

Today we have seen relatively few data breaches in the cloud despite its growing use for mission-critical workloads. However, as cloud increasingly becomes the backend for our mobile devices, for the Internet of Things (IoT) and for other daily life functions, we can safely predict that hackers will set their sights on such troves of personal data.

This year’s data breaches have been characterized by massive exposures of personal information and identities. With the Internet of Things’ devices introducing streams of data that are far more personal and intimate than the current Digital Economy and those streams providing increased pathways to the cloud, it makes cloud an increasingly attractive target for data breaches.

Have We Become Too Trusting Of The Cloud?

Though cloud is recognized as a different paradigm to en premise security, it seems that many of the same security standards and frameworks still apply. Auditing practices and toolsets in the cloud are still immature compared to their enterprise counterparts and lack of visibility across the entire stack is still a challenge for most cloud consuming organizations. Additionally, the “castles in the cloud” syndrome still applies with many cloud providers taking the approach of fortifying their environment but not focusing on the different types of data being transacted on or traveling to and from their clouds.

Compliance Does Not Necessarily Equal Trustworthiness

Many of the standards and regulations that today’s cloud providers and cloud consuming organization have to abide by are largely focused on assessing capabilities to process and store information – they don’t guarantee the safety or trustworthiness of your data in the cloud. Trust is the key factor! Just as warning labels don’t’ make you safer – for example, you could still get hurt even though your car may come with warnings for seat belt usage – compliance certification doesn’t protect your data. Compliance and certification implies that the provider, the consumer or both have a well-controlled environment. The focus should be much more on the data, its access and its usage.

Focusing On What Really Matters To Build Consumer Trust

 

Cloud providers and cloud consuming organizations have the opportunity to put in place stronger data protection measures that align to today’s business and personal usage contexts. Security practitioners and auditors need to be able to talk about data protection in business consumable terms so that developers and business leaders can understand which types of data they need to especially focus protection measures on. It’s this rather than having a secure and compliant infrastructure that will help retain consumer trust in the long term and potentially help mitigate data breaches in the future.

Data classification schemes are going to have to be based on a variety of contextual measures and on different levels of personal and privacy-related data given our highly digitized personal and business futures. There won’t be any one scheme that will apply universally and it will need an industry-wide approach to ensure a cohesive strategy. If we don’t start focusing in this direction now, we will face even more egregious data exposures in the not so far future.

By Evelyn de Souza

Evelyn de Souza

Evelyn de Souza focuses on developing industry blueprints that accelerate secure cloud adoption for business as well as everyday living. She currently serves as the Chair of the newly formed Cloud Security Alliance (CSA) data governance and privacy working group. Evelyn was named to CloudNOW's Top 10 Women in Cloud Computing for 2014 and SVBJ’s 100 Women of Influence for 2015. Evelyn is the co-creator of Cloud Data Protection Cert, the industry's first blueprint for making data protection "business-consumable” and is currently working on a data protection heatmap that attempts to streamline the data privacy landscape.
Cloud Computing Humor

AI-Powered Analytics: Q&A with Sonata Software’s Manu Swami

Welcome to today’s enlightening Q&A session on “AI for Enhanced Analytics,” where we are privileged [...]
Read more
Bill Britton

Pioneering Cybersecurity Education: An Interview with Cal Poly’s CIO Bill Britton

Interview with Cal Poly’s CIO Bill Britton Welcome to CloudTweaks, where today we’re diving into [...]
Read more
Sushil Kumar

Generative AI and Cloud Computing: The Greatest Infusion

Generative AI The fusion of cloud computing, app modernization, and artificial intelligence (AI) drives digital [...]
Read more

5 Azure Cost Management Strategies

What Is Azure Cost Management? Azure cost management refers to the practices and processes that [...]
Read more

Maximize IT Asset Efficiency: Discover Top Leading Management Tools

Maximize IT Asset Efficiency In today’s digital age, IT Asset Management (ITAM) services have become [...]
Read more

Navigating M&A Waters: The Core Role of Active Directory Migrations

Navigating M&A Waters On the whole, 2023 was a slow year for mergers and acquisitions. [...]
Read more

SPONSOR PARTNER

Unlock the power of Google Cloud with a $350 signup credit. Experience enhanced scalability, security, and innovation for your projects today!
© 2024 CloudTweaks. All rights reserved.