A MAJOR AUSTRALIAN ORGANISATION WAS FORCED TO SHUT DOWN ITS EMAIL AND ONLINE BILLING SERVICES LAST MONTH DUE TO A SECURITY BREACH WHERE PRIVATE CUSTOMER INFORMATION WAS PUBLICLY AVAILABLE ONLINE. CONSIDERING THAT THESE WEB PAGES WERE HOSTED BY A CLOUD VENDOR, HOW CAN ORGANISATIONS ENSURE THAT SENSITIVE INFORMATION, SUCH AS CUSTOMER DATA IS NOT PUBLICLY ACCESSIBLE?
Kareem Tawansi, CEO of software development provider, Solentive Software, offers his advice, “I could never be comfortable with storing sensitive data in the cloud. For people who understand technology and more specifically, about connectivity, my advice is to ensure you have control over all your sensitive data by putting in place all the physical and electronic security you believe it deserves.”
“Recent incidents involving major organisations globally highlight the fact that highly sensitive data can somehow surface to the public domain. In fact, one of the most powerful tools in security is obfuscation, or better still, invisibility; if people don’t know you’re there, they probably won’t find you because they won’t be looking for you,” continued Kareem.
“If you must put highly sensitive data in the cloud, on top of obfuscating, you must ensure that the data is highly encrypted on your end (beyond the built-in encryption provided by service providers),” concluded Kareem.