Breached Data – Keeping it Secret Doesn’t Make It Go Away


When Uber’s massive data breach made it to the public’s ears recently, it became a member of an infamous group of companies who not only had vital customer data stolen, but who sat on the story and did not inform the public or the media until much later.

The reasons for data breaches vary, but are heavily tinted by human errors and the presence of unprotected files or weaknesses on cloud servers. This is something that should make all cloud service providers (CSPs) sit up and take notice. Bad PR for one is bad PR for all.

The arguments for moving to the cloud have always included the fact that CSPs make it their business to keep security at the highest levels possible. Their value statements include the concept that internal IT systems and on-premises storage can be more easily overrun due to project and maintenance bottlenecks. But when a high-profile cloud provider suffers a breach, the credibility counter resets to zero or lower.

Additionally, the idea of keeping the breach quiet is unsettling. Uber’s well-publicized episode and subsequent payoff reveal a particularly human weakness: the expectation that if you hide something bad, it will never see the light of day. That is obviously not true. The damage from a breach will eventually come to light, but the delay between incident and revelation causes far greater harm to customers as well as to a company’s own reputation.

The fact is, applications running in the public cloud are not completely immune from breaches. Sanjay Beri, founder and CEO, Netskope, stated recently that “While cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information. With the rise of cloud threats like accidental data exposure, malware, and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss.”

Together, technical vulnerabilities and human “weakness” in crisis management identify two vital reasons why a CSP needs to work with a Certified Cloud Security Professional (CCSP). In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This can include essential crisis management preparation and deployment strategies.

The CCSP Designation

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The Cloud Is Still the Better Place

Numerous studies, including a recent (2017) one from Schneider Electric, quoted in InfoWorld, showed that confidence in cloud and in CSPs remains positive, but that much of this is based on its ability to remain proactive.

Cloud-based security outpaces traditional and on-prem security approaches through a combination of proactivity, cost effectiveness and easier integration with DevOps: “Security and DevOps seem to mix best when security is part of a service accessed outside the development and deployment platforms. That external, service-oriented nature means security can easily be made part of most DevOps processes.”

In just the same way a CSP provides a solution to the companies it works with, the hands-on expertise and strategic wisdom of a CCSP add an additional layer of relevance and practical application of security techniques. They are a second set of eyes for those unguarded or forgotten physical weaknesses left open to exploitation by hackers, but they also work as the voice of reason in the formulation of a strategy and practice. A cloud service provider working in league with a CCSP helps ensure business on the cloud stays secure and profitable for the end users.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/CCSP.


By Steve Prentice
