Breached Data

Breached Data – Keeping it Secret Doesn’t Make It Go Away

Breached Data

When Uber’s massive data breach made it to the public’s ears recently, it became a member of an infamous group of companies who not only had vital customer data stolen, but who sat on the story and did not inform the public or the media until much later.

The reasons for data breaches vary, but are heavily tinted by human errors and the presence of unprotected files or weaknesses on cloud servers. This is something that should make all cloud service providers (CSPs) sit up and take notice. Bad PR for one is bad PR for all.

The arguments for moving to the cloud have always included the fact that CSPs make it their business to keep security at the highest levels possible. Their value statements include the concept that internal IT systems and on-premises storage can be more easily overrun due to project and maintenance bottlenecks. But when a high-profile cloud provider suffers a breach, the credibility counter resets to zero or lower.

Additionally, the idea of keeping the breach quiet is unsettling. Uber’s well publicized episode and subsequent payoff reveals a particularly human weakness: the expectation that if you hide something bad, it will never see the light of day. That is obviously not true. The damage from a breach will eventually come to light, but the delay between incident and revelation causes far greater harm to customers as well as to a company’s own reputation.

The fact is, applications running in the public cloud are not completely immune from breaches. Sanjay Beri, founder and CEO, Netskope, stated recently that “While cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information. With the rise of cloud threats like accidental data exposure, malware, and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss.”

Together, technical vulnerabilities and human “weakness” in crisis management identify two vital reasons why a CSP needs to work with a Certified Cloud Security Professional (CCSP). In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This can include essential crisis management preparation and deployment strategies.

The CCSP Designation

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The Cloud Is Still the Better Place

Numerous studies, including a recent (2017) one from Schneider Electric, quoted in Infoworld, showed that confidence in cloud and in CSPs remains positive, but that much of this is based on its ability to remain proactive.

Cloud-based security outpaces traditional and on-prem security approaches through a combination of proactivity, cost effectiveness and easier integration with devOps: “Security and devOps seem to mix best when security is part of a service accessed outside the development and deployment platforms. That external, service-oriented nature means security can easily be made part of most devOps processes.

In just the same way a CSP provides a solution to the companies it works with, the hands-on expertise and strategic wisdom of CCSP adds an additional layer of relevance and practical application of security techniques. They are a second set of eyes for those unguarded or forgotten physical weaknesses left open to exploitation to hackers, but they also work as the voice of reason in the formulation of a strategy and practice. A cloud service provider working in league with a CCSP helps ensure business on the cloud stays secure and profitable for the end users.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/CCSP.

###

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
Five Ways CPQ Is Revolutionizing Selling Today

Five Ways CPQ Is Revolutionizing Selling Today

CPQ Is Revolutionizing Selling Configure-Price-Quote (CPQ) continues to be one of the hottest enterprise apps today, fueled by the relentless ...
Who Leads Digital Transformation? Historically, It Was The CIO

Who Leads Digital Transformation? Historically, It Was The CIO

Who Leads Digital Transformation? On my way to the office last week, I was stopped at a stoplight that only ...
How Strategy – Not Technology – Is The Real Driver For Digital Transformation

How Strategy – Not Technology – Is The Real Driver For Digital Transformation

The Real Driver For Digital Transformation Business owners and executives today know the power of social media, mobile technology, cloud ...
Is Machine Learning The Future? Making Your Data Scientists Obsolete

Is Machine Learning The Future? Making Your Data Scientists Obsolete

Is Machine Learning The Future? In a recent study, almost all the businesses surveyed stated that big data analytics were ...
Technology Cloud Contributor

The Competitive Cloud Data Center

The Competitive Cloud The corporate data center was long the defacto vehicle for all application deployment across an enterprise. Whether ...
Multi or Hybrid Cloud, What’s the Difference?

Multi or Hybrid Cloud, What’s the Difference?

Multi Cloud You’ve likely heard about the latest trend in cloud computing commonly referred to as multi-cloud, and it is ...
Cisco Announces Intent to Acquire July Systems

Cisco Announces Intent to Acquire July Systems

Today we are announcing our intent to acquire July Systems, a privately-held company headquartered in Burlingame, California with offices in Bangalore, India. We are excited to welcome July Systems and its cloud-based mobile experience and ...
Etsy Raises 2018 Revenue Forecast While Increasing Transaction Fees For Sellers

Etsy Raises 2018 Revenue Forecast While Increasing Transaction Fees For Sellers

(Reuters) - Etsy Inc on Thursday raised its full-year revenue growth forecast and increased its transaction fee for sellers, sending the e-commerce company’s shares up more than 19 percent in premarket trading. Etsy expects revenue ...
Teradata Board of Directors Strengthens Cloud Expertise

Teradata Board of Directors Strengthens Cloud Expertise

Joanne Olsen brings significant cloud experience, including a mix of sales, support and product management Teradata (NYSE: TDC), the leading cloud-based data and analytics company, today announced the election of Joanne Olsen to its board of directors, ...