What Data Breaches Should Spell To Security Practitioners

Cloud Security Practitioners And Auditors

Today we have seen relatively few data breaches in the cloud despite its growing use for mission-critical workloads. However, as cloud increasingly becomes the backend for our mobile devices, for the Internet of Things (IoT) and for other daily life functions, we can safely predict that hackers will set their sights on such troves of personal data.

This year’s data breaches have been characterized by massive exposures of personal information and identities. With the Internet of Things’ devices introducing streams of data that are far more personal and intimate than the current Digital Economy and those streams providing increased pathways to the cloud, it makes cloud an increasingly attractive target for data breaches.

Have We Become Too Trusting Of The Cloud?

Though cloud is recognized as a different paradigm to en premise security, it seems that many of the same security standards and frameworks still apply. Auditing practices and toolsets in the cloud are still immature compared to their enterprise counterparts and lack of visibility across the entire stack is still a challenge for most cloud consuming organizations. Additionally, the “castles in the cloud” syndrome still applies with many cloud providers taking the approach of fortifying their environment but not focusing on the different types of data being transacted on or traveling to and from their clouds.

Compliance Does Not Necessarily Equal Trustworthiness

Many of the standards and regulations that today’s cloud providers and cloud consuming organization have to abide by are largely focused on assessing capabilities to process and store information – they don’t guarantee the safety or trustworthiness of your data in the cloud. Trust is the key factor! Just as warning labels don’t’ make you safer – for example, you could still get hurt even though your car may come with warnings for seat belt usage – compliance certification doesn’t protect your data. Compliance and certification implies that the provider, the consumer or both have a well-controlled environment. The focus should be much more on the data, its access and its usage.

Focusing On What Really Matters To Build Consumer Trust

 

Cloud providers and cloud consuming organizations have the opportunity to put in place stronger data protection measures that align to today’s business and personal usage contexts. Security practitioners and auditors need to be able to talk about data protection in business consumable terms so that developers and business leaders can understand which types of data they need to especially focus protection measures on. It’s this rather than having a secure and compliant infrastructure that will help retain consumer trust in the long term and potentially help mitigate data breaches in the future.

Data classification schemes are going to have to be based on a variety of contextual measures and on different levels of personal and privacy-related data given our highly digitized personal and business futures. There won’t be any one scheme that will apply universally and it will need an industry-wide approach to ensure a cohesive strategy. If we don’t start focusing in this direction now, we will face even more egregious data exposures in the not so far future.

By Evelyn de Souza

Deepak Jayagopal

Leveraging DevOps Infrastructure as Code to Improve Cloud Provisioning Time by 65%

Improving Cloud Provisioning Time Infrastructure provisioning used to be a highly manual process for Digital Service Providers (DSPs). Infrastructure engineers would rack and stack the servers and will manually configure them. Then they will install ...
Kyle Bernard Author

FlightHub and JustFly on Facial Recognition Technology, Travel and Privacy

Facial Recognition Technology For years facial recognition technology only existed in science books, television and cinema. The idea was brilliant. However, real-world technology hadn’t yet caught up with the concept. That’s changed in recent years ...
Eddie Segal

Kubernetes on AWS: Tips for Cloud-Native Development

Kubernetes AWS Tips Kubernetes is a container orchestration and management tool that automates container deployment. Kubernetes is mainly used in the cloud. A recent survey by CNCF showed that 83% of organizations deploy Kubernetes on ...
Couchbase

Episode 12: Transitioning from a Relational to NoSQL Cloud Database

Relational to NoSQL Cloud Database Like so many other areas of technology, the database is changing. For a long time we worked with relation databases and SQL, but the demands for flexibility, security and speed ...
Anita Raj

Post-COVID: What decisions are leaders taking about digital transformation in 2021?

Digital transformation in 2021 If organizations were once only talking about digital transformation (DX), in 2020, it was all about translating that talk into some real action. When the pandemic hit and businesses were disrupted, ...
Suraj Gupta

The Rise of the “Ecosystem of Ecosystems”

Ecosystems Emergence Even during these uncertain times, once fierce competitors are now collaborating and co-existing to not only survive, but thrive. Salesforce is partnering with Microsoft and AWS for better customer success. Apple is partnering ...