When you move into a new place, one of the first things you do is change all the locks. It’s important to your sense of security that you control who has access to your home. Changing the locks just makes logical and practical sense. This same logic should also be applied to your business thinking when you are looking to secure your sensitive information in a new environment or an environment you don’t fully control.
It’s all about the data. I have been involved in cloud computing since 1999 (although we called it multi-tenant hosting & ASP – application service provider) and for sixteen years security has consistently been the #1 concern when organizations are asked about their adoption of cloud models. The concern does not reside with the use of a storage array they have no access to or the utilization of a virtual machine cluster in some unknown data center, it’s all about the data and sensitive information.
Last week at Black Hat in Las Vegas, IT security firm Imperva discussed a “man-in-the-middle” attack that affects certain enterprise file-sync-and-share (EFSS) services, allowing hackers access to files transferred into the cloud. This is a very relevant and interesting vector of attack for EFSS services.
Recently it was revealed that Oregon Health & Science University (OSHU) staff were storing patient data in a cloud storage solution – namely, Google Drive. What’s the big deal? It’s Google, it has to be secure right?