Breached Data – Keeping it Secret Doesn’t Make It Go Away

When Uber’s massive data breach made it to the public’s ears recently, it became a member of an infamous group of companies who not only had vital customer data stolen, but who sat on the story and did not inform the public or the media until much later.

The reasons for data breaches vary, but are heavily tinted by human errors and the presence of unprotected files or weaknesses on cloud servers. This is something that should make all cloud service providers (CSPs) sit up and take notice. Bad PR for one is bad PR for all.

The arguments for moving to the cloud have always included the fact that CSPs make it their business to keep security at the highest levels possible. Their value statements include the concept that internal IT systems and on-premises storage can be more easily overrun due to project and maintenance bottlenecks. But when a high-profile cloud provider suffers a breach, the credibility counter resets to zero or lower.

Additionally, the idea of keeping the breach quiet is unsettling. Uber’s well-publicized episode and subsequent payoff reveal a particularly human weakness: the expectation that if you hide something bad, it will never see the light of day. That is obviously not true. The damage from a breach will eventually come to light, but the delay between incident and revelation causes far greater harm to customers as well as to a company’s own reputation.

The fact is, applications running in the public cloud are not completely immune from breaches. Sanjay Beri, founder and CEO, Netskope, stated recently that “While cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information. With the rise of cloud threats like accidental data exposure, malware, and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss.”

Together, technical vulnerabilities and human “weakness” in crisis management identify two vital reasons why a CSP needs to work with a Certified Cloud Security Professional (CCSP). In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This can include essential crisis management preparation and deployment strategies.

The CCSP Designation

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The Cloud Is Still the Better Place

Numerous studies, including a recent (2017) one from Schneider Electric, quoted in InfoWorld, showed that confidence in cloud and in CSPs remains positive, but that much of this is based on its ability to remain proactive.

Cloud-based security outpaces traditional and on-prem security approaches through a combination of proactivity, cost effectiveness and easier integration with devOps: “Security and devOps seem to mix best when security is part of a service accessed outside the development and deployment platforms. That external, service-oriented nature means security can easily be made part of most devOps processes.”

In just the same way a CSP provides a solution to the companies it works with, the hands-on expertise and strategic wisdom of a CCSP adds an additional layer of relevance and practical application of security techniques. They are a second set of eyes for those unguarded or forgotten physical weaknesses left open to exploitation by hackers, but they also work as the voice of reason in the formulation of a strategy and practice. A cloud service provider working in league with a CCSP helps ensure business on the cloud stays secure and profitable for the end users.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/CCSP.

By Steve Prentice
