Cloud-Knackered Disease: The effects of the data breach epidemic

Exhaustion by data breach.


Cloud-Knackered N. A state of exhaustion after too many cloud sites expose one's personal and private data. See: Experian/T-Mobile, Anthem, GPM, etc.

Becoming Cloud-Knackered is the process of having a key cloud provider knocked over for your vitals, followed by a spree to see what kind of mayhem can be foisted. The chances are now better than even that your own data has been exposed in this way.

It's not going to stop. A culture of blithe ignorance, poor regulatory enforcement, and the zeal to succumb to the slavery of Wall Street Earnings Reports means that, despite sincere dedication on the parts of IT staff, we're losing the battles.

It's going to get worse, far worse.

Dependency on cloud data has become systemic. Few organizations can now avoid cloud use, and on a personal level, social media and just day-to-day interaction with government, bill-paying, banking, and other pressured conveniences now hold all of our vital details. Some industries, such as healthcare, have responded with compliance via HIPAA, which has slowed down inter-provider data exchange with walls that only a bureaucrat could love.

Here are some of my candidates for the next round of mayhem. Please note that each of these organizations is likely well-protected, yet I fear for them, and fear for us, as they're likely the target of plentiful attack attempts:

  • Consider Klout, the system that checks in using your authenticated credentials, to Facebook, Twitter, LinkedIn, and so forth, noodling your social media creds to derive a score connoting your ostensible social media clout. What happens when someone dips a draw into the braintrust database of Klout, then has your credentials to spray mayhem through the web-o-sphere? Would that be a fine, lovely day for you?
  • Perhaps the next successful target is LastPass, which was recently bought by another online information broker providing remote access/VDI to thousands and thousands of screens—especially servers—LogMeIn (a product I once used). They have, if you're using LastPass correctly, the keys to the digital stuff you use every day, from A-Z. Tasty snack to put on the DarkWeb, no?
  • (Your Governmental Tax Authority here, ex: IRS) Tax authorities have a wealth of information, just like your large accounting firm, should you have one. Each of these is rife with information about work product, data, net worth claimed (as opposed to a Forbes Magazine Guess). Want to know what that political candidate's actual net worth was, or the Schedule C/D from your next door neighbor? Lots of fun, here.

Let's take this a bit further. From which cloud sites would it not cause you and/or your organization, family, friends, colleagues, co-workers pain if they were broken into this afternoon? This is my point.

Security compliance today is a matter of someone else's legal department. Yes, we have industry regulatory and compliance standards, but they rarely have any teeth. Did Sony or Anthem or Target (and now hundreds of others) go out of business because your data was breached? No.

Therein lies the bigger problem: the value of personal and organizational cloud assets isn't worth squat. The hangover from being cloud-knackered will continue until we stop it.

How? Standards. Enforcement. Having credit card companies (and PayPal, Apple Pay, et al) stop accepting cards, for 60 days, for organizations that are breached. Yeah, it will hurt them, and let them feel the pain of misery now felt by other humans, and also other organizations.


Copyright © 2015 IDG Communications, Inc.
