2011 is turning out to be the worst year ever for security breaches.” In the last 10 years, I don’t think we’ve seen breaches that have affected consumers at this scale,” said Ondrej Krehel, Information Security Officer for Identity Theft 911. Cloud computing has eliminated corporate network boundaries; as enterprises migrate mission critical business data to SaaS applications like Salesforce, there is an urgent need to extend internal data privacy, security and compliance programs into the cloud.
Can the cloud be trusted? The graphic below represents some of the major security breaches that became public in the first half of 2011. Cloud-based email marketing services company, Epsilon’s data breach is going to cost anywhere from $3-4 billion! The list of affected companies includes several financial organizations such as JPMorgan Chase, Citibank and Barclays Bank, major hotel chains such as Marriott and Hilton, and big retailers such as Best Buy and Walgreens. A majority of these organizations stored millions of customer records within the Epsilon cloud. Industry experts have warned that attackers could use the customer email addresses and knowledge of their bank and merchant relationships to launch brute-force attacks to compromise weak passwords and phishing attacks to steal sensitive data such as financial information or login credentials to other sites, industry experts have warned. In fact, days after the incident, the Better Business Bureau reported a phishing email attack resulting from the Epsilon hack and targeted towards Chase customers.
In addition to the financial repercussions, most of these companies will be required to notify millions of their customers regarding the breach, which will have a negative impact on their brand. Cloud adoption, while strong, has been hampered with concerns about data privacy and security in a multi-tenant environment controlled by a third-party. The Epsilon data breach has brought those concerns back to the forefront and highlighted the importance of implementing solutions that help retain complete control over data stored in the cloud.