Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

3 reasons perimeter security is not enough for the cloud

Steve Pate | Dec. 5, 2013
Is the standard "M&M" model of data security enough to prevent your organisation from today's security threats?

3) Simple mistakes create more security breaches than malicious attacks. Even the most well-trained IT staff are human. While most organizations rightly worry about assaults on their data from hackers stealing data for profit, there is also the reality that a simple misconfiguration can also expose sensitive or regulated data. The breach notification laws don't care about who is at fault: if it's your unencrypted data that was exposed, you bear the cost and responsibility for notifying your customers or clients.

Again - the potential for bigger breaches or catastrophic datacenter disasters is much higher in virtualized environments. The cloud is built for agility, which means entire applications can be spun up, cloned, paused, or deleted in a matter of seconds. It is crucial that you implement controls and policies to ensure that privileged users - or those who gain their credentials - are prevented from doing damage.

The cost of breaches is increasing

Research by the Ponemon Institute about the cost and volume of data breaches noted that the 56 companies they surveyed experienced 102successful attacks per week, with a median annualized cost of $8.9 million. Both the number of attacks, and the cost, continue to trend upward each year.

The definition of a breach is also changing. Judges who determine the cause for class action lawsuits have also broadened their definition of how damages are defined. InfoSecurity Magazine commented on about the skyrocketing costs of legal damages and attorney's fees associated with data breaches, and the impact this is having on companies.

So, as you look forward to next year, what does your 2014 'perimeter' look like? If it looks more like lacey Swiss cheese than a concrete fortress, then it's time to evolve your organization's approach to security.

Source: Computerworld

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.