Who Should Protect Our Data?

Martin Mendelsohn

Who Should Protect Our Data in The Cloud?

You would think that cloud service providers are safe havens for your personal data – they all have a ‘security’ component embedded into their offerings and claim to be more secure than, well, my old kryptonite bicycle lock. AWS, Google Cloud and Azure are seeing their growth and adaptation spiking, as they displace ‘hosting’ solutions and ‘servers’ while technology races ahead.  Data has migrated to the cloud, the future is here, and you need this! Ah, but not so fast. Is the ubiquitous cloud providing any more security to you today than AOL provided with a password back in the Stone Age?  

Consider a few very recent data ‘leaks’ to make this determination.: Facebook – 540 million personal records accessed in a 2019 breach, UK National Health Service and US Office of Personnel Management -tens of millions of citizens’ personal data compromised, Equifax – 140 million personal data records accessed by unauthorized hackers, including Social Security numbers and credit card data.  

Hiding Your Data

In the face of these hacks, we continue to upload our data to the cloud. Why? Ease of use. It’s hard to break away from platforms that allow us to download and share our data from anywhere and with anyone. Even better, we don’t have to make too many decisions, as we trust the cloud to protect important internal and external information. But, with great power comes great responsibility. If we’re going to relinquish control to the cloud, then the CIOs and CTOs that oversee these platforms need to protect us. 

The role of the CIO/CTO should be to think strategically regarding longer term threats and challenges, of course, while at the same time keeping close to dark web and hacker industry developments. Here are several steps that leadership can take today to protect the data that they oversee:

Implement multi factor authentication 

A baseline for individual users accessing or updating sensitive personal information for credit cards, financial transactions and increasingly IoT applications.  This service is being developed typically by smaller and early stage companies and is sold to CIOs/CTOs as Authentication as a Service (AAAS). The user no longer requires a password, only a smartphone, pin and biometric identifier.  

Develop internal corporate cloud and systems management

CIOs and CTOs should take the lead on developing and establishing solutions and processes for cloud management. Very few cyber solutions providers can offer a one-stop shop for everything a company may require and patching together solutions from different providers can end up being more costly – and less effective – than going with an industry leader.  That said, industry leaders need to stay ahead of the threat prevention and mitigation curve.  

Education and Training

CIOs and CTOs should encourage all customers and employees to steer clear from emails or texts from unknown external sources.  You should never ‘click this link’ or ‘access here’ when the email or text sent to you has an unfamiliar suffix or username. One option to ensure internal compliance, is to penalize users who cause harm to internal IT systems, like hikers and snowboarders taking liberty with unauthorized trail access.

Don’t Go on Autopilot

Leadership should discourage employees from leaving passwords and usernames on ‘auto-pilot’ from their work computers, and even from smartphones. Access to bank or social media accounts from remote computers, from places that have public access or from your friend’s device should be restricted. This is not dissimilar to the challenges we are facing with coronavirus – be smart and don’t share germs, data or anything that can infect your health or device(s)

The CIO/CTO role has become much more complicated, and covets not only the mind of a technologist, but also the street smarts, dexterity and ingenuity of the nefarious actor.  This is one more reason why highly performing CIOs and CTOs are often compensated at the level of the COO or even CFO – technology is becoming the most critical, and exposed, role in a company’s portfolio.  

The cloud is changing how we interact with entities holding our corporate and personal data.  On the one hand, we perceive an enhanced level of trust and confidence in ‘cloud and hybrid services environments’ while on the other hand we do not fully understand emerging threats associated with cloud provisioning.  The individual needs to take action to prevent data leaks and access, and the services provider’s leadership must do the same – protecting itself and its stakeholders, customers and even shareholders from breaches and hacking.  Cloud and data technology (and adaptation) is moving forward very quickly, in direct correlation to the increasing level of exposure to threats and hazard. The time for action is not tomorrow, but yesterday.

By Martin Mendelsohn

Jeremy Daniel

Find Competitive Advantage through AWS by Partnering With The Experts

Setting up your cloud configuration is too important to not involve the experts MediaTemple & CloudTweaks Thought Leadership Brand Series So many great business ideas ...
Kokumai

History, Current Status and Future Scenarios of Expanded Password System

Future Scenarios of Expanded Password System Passwords are so hard to manage that some people are urging the removal of passwords from digital identity altogether. What ...
Atman Rathod

UX Design in the Age of DevOps: Transformation Through Collaboration

UX Design in the Age of DevOps DevOps is popular among modern IT strategists because it leaves no scope for lapses in the development process ...
Mobile Apps Business

It May Not Be Sexy, But Strict Compliance Delivers The Freedom To Innovate

Compliance and Business Innovation When the U.S. based non-profit organization RHD | Resources for Human Development decided to move its operations into the cloud, one ...
Robert Van Der Meulen

Focusing on Online Gaming Security During Development

Online Gaming Security Infrastructure Updated article: June 2nd, 2020 There are millions of gamers around the globe and as of 2018, video games generated sales ...
Aruna Headshot

Top Four Predictions in 2020 for Unified Collaboration

Predictions in 2020 The year 2020 promises to usher in significant new developments in collaboration and communication. It’s part of an unending climb, moving higher ...
Fig 2

Leveraging machine learning models for predictive maintenance of network services

Leveraging machine learning models As per lightreading's service assurance and analytics research study conducted with 100+ network operators and service providers, nearly 40% reported that ...
Back G Cloud

Five Reasons Why There’s A Digital Stampede To The Cloud

The Digital Stampede As the transfer of digital assets to the cloud gathers momentum, we examine the fundamental reasons why it’s happening Many organizations have ...
Aarti Parikh

What are the Capabilities of the AWS Serverless Platform?

AWS Serverless Platform AWS serverless compute services allow to build and deploy applications on AWS cloud without having to manage the servers. AWS serverless platform ...
Ajay

Explainable Intelligence Part 1 – XAI, the third wave of AI

Explainable Intelligence Artificial Intelligence (AI) is democratized in our everyday life. Tractica forecasts the global artificial intelligence software market revenues will grow from around 9.5 billion US ...