Breached Data – Keeping it Secret Doesn’t Make It Go Away

When Uber’s massive data breach made it to the public’s ears recently, it became a member of an infamous group of companies who not only had vital customer data stolen, but who sat on the story and did not inform the public or the media until much later.

The reasons for data breaches vary, but they are heavily influenced by human error and by unprotected files or weaknesses on cloud servers. This is something that should make all cloud service providers (CSPs) sit up and take notice. Bad PR for one is bad PR for all.

The arguments for moving to the cloud have always included the fact that CSPs make it their business to keep security at the highest levels possible. Their value statements include the concept that internal IT systems and on-premises storage can be more easily overrun due to project and maintenance bottlenecks. But when a high-profile cloud provider suffers a breach, the credibility counter resets to zero or lower.

Additionally, the idea of keeping the breach quiet is unsettling. Uber’s well-publicized episode and subsequent payoff reveal a particularly human weakness: the expectation that if you hide something bad, it will never see the light of day. That is obviously not true. The damage from a breach will eventually come to light, but the delay between incident and revelation causes far greater harm to customers as well as to a company’s own reputation.

The fact is, applications running in the public cloud are not completely immune from breaches. Sanjay Beri, founder and CEO, Netskope, stated recently that “While cloud adoption is very much on the rise, organizations still lack confidence in the cloud’s ability to protect sensitive information. With the rise of cloud threats like accidental data exposure, malware, and ransomware aimed at exfiltrating data and extracting financial gain from sensitive data, IT teams need more robust intelligence, protection, and remediation to protect their data from breach or loss.”

Together, technical vulnerabilities and human “weakness” in crisis management are two vital reasons why a CSP needs to work with a Certified Cloud Security Professional (CCSP). In addition to a wealth of up-to-date technical knowledge around security issues and threats, a CCSP can also deliver strategic awareness and communications skills to the CSP’s management team. This can include essential crisis management preparation and deployment strategies.

The CCSP Designation

The CCSP designation was co-created by (ISC)² and Cloud Security Alliance, and is a globally recognized credential representing the highest standard of cloud security expertise. The certification attests to deep, up-to-date knowledge and hands-on experience with cloud security architecture, design, operations, and service orchestration.

To qualify, candidates must already possess a minimum of five years of cumulative, paid, full-time work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

The Cloud Is Still the Better Place

Numerous studies, including a recent (2017) one from Schneider Electric quoted in InfoWorld, showed that confidence in the cloud and in CSPs remains positive, but that much of this is based on its ability to remain proactive.

Cloud-based security outpaces traditional and on-prem security approaches through a combination of proactivity, cost effectiveness and easier integration with DevOps: “Security and devOps seem to mix best when security is part of a service accessed outside the development and deployment platforms. That external, service-oriented nature means security can easily be made part of most devOps processes.”

In just the same way that a CSP provides a solution to the companies it works with, the hands-on expertise and strategic wisdom of a CCSP add an additional layer of relevance and practical application of security techniques. CCSPs are a second set of eyes for those unguarded or forgotten physical weaknesses left open to exploitation by hackers, but they also work as the voice of reason in the formulation of a strategy and practice. A cloud service provider working in league with a CCSP helps ensure business on the cloud stays secure and profitable for the end users.

Interested in learning more about the CCSP certification? Download the Ultimate Guide to the CCSP or visit the (ISC)² website at www.isc2.org/CCSP.

By Steve Prentice
