Friday , 24 March 2017

Careless Programming Can Negate Cloud Security

– David Gibson, VP of Strategy, Varonis, says:

In a recent blog post for Forrester Research, analyst Mike Gualtieri remarked that the security of cloud data storage services can be negated by a single careless programmer (  Dropbox has famously fallen victim to this problem. 

Cloud data storage services are another form of outsourcing and as such client companies are incredibly reliant on the actions of the outsourced organization (and their staff) for data governance and security issues.  At the same time, the liability for the data remains with the client company. You can outsource the function, but you cannot outsource the liability, which means a single misstep by your cloud provider — as Gualtieri says — can obliterate your company’s reputation.

Gualtieri goes on to say, “…don’t just tell me about your authentication and encryption for file access, transfer, and storage. Tell me how your testing processes will catch coding errors that could compromise the security of my files.”  Beyond coding errors, organizations have already invested time and money in authorization processes (including regular entitlement reviews), classification technologies, disaster recovery, and other controls.

Without processes, controls, and testing that are comparable to those found in today’s data-driven organizations, outsourcing of data management to a cloud provider is a dangerous game.  In the UK, for example, a slip-up could well land you with a data breach penalty of up to £250,000 from the Information Commissioner’s Office.

Besides putting your cloud provider through a comprehensive vetting process, these risks may be easier to mitigate by opting for technologies that enable businesses to keep their data on their own servers, using existing permissions, policies and procedures, while providing the same end-user convenience.

Host in Ireland