Why the radio silence with this data breach?

I’m confused. "The cloud is the answer" to so many things from scalability to security and performance. Sure, it’s not the be-all, end-all, but it is touted as a rational extension to your systems. I get it, and I agree… but I’ve been concerned about security from the get-go. I also think (thought) it would take a pretty significant breach to get people seriously thinking about this, beyond the honeymoon stage of the technology.

Well, sure enough, that’s happened. This Epsilon Breach exposed emails and first names so far. I’m not ringing the bell on what was exposed, but I’m very concerned that this isn’t leading to calls for changes in how data is stored/managed/separated in these cloud providers. I talked about this on the show Friday too – check it out here.

Clearly the thought of the cloud providers being more secure is horse-pucky (a technical term). But that’s ok, frankly, if we can learn from it. I think we seriously need to be pressuring providers to separate data, and also on our own teams we need to be encrypting data from our sides, designing systems that are protected from our sides, not just relying on the cloud provider.

Easy enough, but the thing is, providers don’t give us this kind of access, not really. The standard is that a provider encrypts their data, provides solid access controls and so on. But, once some hacker is in, they get the whole ball of wax, exactly as we’ve seen with this Epsilon issue.

I think we need to wake up and get a bit more involved in the implementation of security for our systems. This isn’t a small feat, and it’s also not as easy. In some cases it will mitigate some positive aspects of using cloud providers (if you have to do all this additional work, what’s the point?) and I think many providers won’t be able to support it in the first place. How many providers are set up to encrypt the data from their end (a must) AND allow you to encrypt it from yours?

What needs to happen here? How do we move the needle on this? How do we cause some meaningful thought and change to happen?

What do you think? Let me know…

swynk@sswug.org