What Data Breaches Should Spell To Security Practitioners

Cloud Security Practitioners And Auditors

Today we have seen relatively few data breaches in the cloud despite its growing use for mission-critical workloads. However, as cloud increasingly becomes the backend for our mobile devices, for the Internet of Things (IoT) and for other daily life functions, we can safely predict that hackers will set their sights on such troves of personal data.

This year’s data breaches have been characterized by massive exposures of personal information and identities. With the Internet of Things’ devices introducing streams of data that are far more personal and intimate than the current Digital Economy and those streams providing increased pathways to the cloud, it makes cloud an increasingly attractive target for data breaches.

Have We Become Too Trusting Of The Cloud?

Though cloud is recognized as a different paradigm to en premise security, it seems that many of the same security standards and frameworks still apply. Auditing practices and toolsets in the cloud are still immature compared to their enterprise counterparts and lack of visibility across the entire stack is still a challenge for most cloud consuming organizations. Additionally, the “castles in the cloud” syndrome still applies with many cloud providers taking the approach of fortifying their environment but not focusing on the different types of data being transacted on or traveling to and from their clouds.

Compliance Does Not Necessarily Equal Trustworthiness

Many of the standards and regulations that today’s cloud providers and cloud consuming organization have to abide by are largely focused on assessing capabilities to process and store information – they don’t guarantee the safety or trustworthiness of your data in the cloud. Trust is the key factor! Just as warning labels don’t’ make you safer – for example, you could still get hurt even though your car may come with warnings for seat belt usage – compliance certification doesn’t protect your data. Compliance and certification implies that the provider, the consumer or both have a well-controlled environment. The focus should be much more on the data, its access and its usage.

Focusing On What Really Matters To Build Consumer Trust

 

Cloud providers and cloud consuming organizations have the opportunity to put in place stronger data protection measures that align to today’s business and personal usage contexts. Security practitioners and auditors need to be able to talk about data protection in business consumable terms so that developers and business leaders can understand which types of data they need to especially focus protection measures on. It’s this rather than having a secure and compliant infrastructure that will help retain consumer trust in the long term and potentially help mitigate data breaches in the future.

Data classification schemes are going to have to be based on a variety of contextual measures and on different levels of personal and privacy-related data given our highly digitized personal and business futures. There won’t be any one scheme that will apply universally and it will need an industry-wide approach to ensure a cohesive strategy. If we don’t start focusing in this direction now, we will face even more egregious data exposures in the not so far future.

By Evelyn de Souza

Gary Bernstein
AI-powered identity verification Even if you don’t want to admit it, doing business online in today’s environment poses a greater risk. Criminals are constantly on the lookout for vulnerabilities to exploit, including hacking, data breaches, ...
Ray Meiring
Fueled by extensive demand in IT, healthcare, financial services, and telecommunication—initially spurred by the pandemic-driven frenzy to transition to remote working—managed service providers (MSPs) are busier than ever. As businesses adopt MSP services to upgrade, ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Ronald van Loon
In 2030, AI will likely contribute around $15.7 trillion to the global economy. Organizations that invest significantly in AI and leverage practices that accelerate and scale AI development have been shown to gain the highest ROI from AI ...
Vulnerabilities
Cyber Threat Intelligence In an era of rapid digital transformation, we have witnessed a concerning evolution in the cyber threat landscape. Recent data analyses, as illustrated in the "Cyber Threat Intelligence Index: Q3 2023" report, ...
Tiago Ramalho
More equitable future for food distribution with AI At best, only 70% of food gets used in the United States. The rest goes to waste. Although devastating, the good news is this massive waste of ...

Get Smarter

Whether you're just starting out in the online industry or looking to take your skills to the next level, Get Smarter eLearning platform is the perfect choice for you. Sign up today and start your journey towards online success!

Use code LEARN15 to enjoy 15% off all courses.