Celebrity photo leak forces businesses to rethink their cloud security tactics
by Kevin King
The leak and public distribution of hundreds of illicit photos, over the Labor Day weekend, featuring celebrities ranging from Jennifer Lawrence to Mary Elizabeth Winstead, has raised concern about security measures used to safe guard sensitive cloud-hosted data in enterprise environments.
It's been reported that this attack was not a data breach, but rather a coordinated effort to decipher the user names, passwords and security questions associated with the targeted accounts. That said, enterprises should use this as a reminder to be proactive regarding data security. The victims certainly had their privacy invaded, but businesses could face far worse consequences if they don't take the necessary steps to secure their networks.
Here are few strategies to help enterprises ward off would-be hackers:
Create a layered security strategy: There's no silver bullet for data security; enterprises must develop a security framework that includes several different security protocols like multifactor authentication, role-based access controls, effective log monitoring and management, ongoing application vulnerability scanning and security governance in accordance with existing standards.
Know where your data is: Cloud vendors should provide specific details about the physical location of data along with the technical, administrative and physical safeguards in place at that location. This is an ideal time to ask the tough questions about controls and security methodology.
Invest in enterprise cloud management: Recent studies show that businesses that outsourcing network security and management to external vendors can be less exposed or vulnerable to breaches. Most enterprise-class cloud providers have rigorous security methodologies in place (for their own business models to be successful) and in many cases enterprises that outsource to a cloud provider can improve the security controls for their organization.
Consider using a hybrid cloud solution: Not all data needs to be in the cloud. It often makes best business sense to keep certain data "local" in a secure managed data center while customer-facing apps live in the cloud. The hybrid cloud infrastructure approach allows companies to leverage their existing infrastructure and retain control of sensitive data in-house while using the cloud to realize cost efficiencies and scale.
Many enterprises rightly believe that cloud increases security. However, that does not mean these companies don't need to take security seriously and make sure they understand how to best keep customer data secure and mitigate the threat of data breaches where ever that data is stored.