Several recent high-profile data breaches have affected companies that use the cloud. Cloud security should always be top of mind, especially for Business Continuity and Disaster Recovery professionals, because data breaches often lead to larger business continuity problems.
The Ponemon Institute expects the worldwide cloud computing market to grow to $191b by 2020, which demonstrates the increasing appetite for cloud.
Poorly implemented security has exposed critical data for several high-profile cloud users. One of the recently publicized breaches exposed information on more than 3M customers, and another exposed critical customer information on approximately 14M customers. Yet another had data on more than 106M customers and applicants compromised. The common theme among these three security breaches was poorly implemented data security and controls on their cloud servers.
The most recent of these high-profile breaches may have compromised data because a simple principle was overlooked: insider accounts were allowed too much access.
Insider threat is a serious concern for organizations, and many do not follow established best practices. All organizations should conduct frequent access rights reviews and immediately remove access when a user leaves the organization. Had these organizations implemented appropriate change management procedures and turned off access, they might not be in the news today.
What can we learn from these exploited organizations?
- First and foremost, enforce proper change management procedures.
- Follow the principles of identity and access management, enforcing least privilege to restrict access.
- Harden cloud resources and shift and adjust controls as people come and go.
- Finally, make sure that the business continuity team has prepared plans to respond to and recover from a data breach.
Written by Mike Jennings, VP of Advisory Services
Mike leads the Assurance Advisory Services team. During his more than 26 years of business continuity management, disaster recovery and enterprise risk management experience, he has mentored clients and helped them solve their program needs. Mike has worked extensively with clients throughout the world on their BCM programs, including their underlying incident management and crisis management programs.