Hackers! They’re out there, and they can do very bad things to a company and its data, as recent headline-making breaches like Target’s show. And the NSA and other government agencies are, as we know, out there too. In the current climate, it can seem that enterprises’ cloud data protection strategies must focus on defense against external forces. That’s not the whole story, though. The implications of poor cloud data protection go far beyond the kind of threats that typically make the news. Here are two reasons why.
1. Compliance violations are costly
A compliance violation doesn’t have to result in a successful intrusion for regulatory bodies to levy penalties on the offending organization. HIPAA violations can result in fines of up to $50,000 per violation, depending on the cause and severity of the violation. Even with the $1.5 million annual cap on penalties, that’s a lot for an organization to pay out. PCI DSS penalties range from $5,000 to $100,000 per month to acquiring banks, penalties that the banks will pass down to merchants, with whom they’ll most likely also terminate relationships if the merchants’ violations resulted in the fines. And what about noncompliance with the GLBA? In addition to civil penalties of up to $100,000 per violation for organizations, GLBA holds officers and directors personally liable for penalties of up to $10,000. Other fines and criminal prosecution may also apply.
2. Employees can make you vulnerable
The external threats of hackers and other third parties are, as I mentioned, very real, but just as real is the threat of negligence and involuntary data leaks from within. In other words, employee mistakes. Do all your employees know everything there is to know about what data is protected, where it may be stored, and when and how and to whom it may be revealed? Or is it possible that even the most well-meaning employee might inadvertently do something with your data that leads to a vulnerability, compliance violation, or exposure? Poor cloud data protection that fails to secure data from the moment it leaves your perimeter enables employees to put your information at risk. The same cloud data protection measures—encryption, tokenization, and strong DLP enforcement—that ward off hackers can also keep your corporate information secure against the mistakes of well-meaning employees.
Cloud data protection is about more than defending against hackers and third-party agencies. Any compliance violation or leak can cost your organization thousands or millions in fines and lead to disastrous public disclosures. Be proactive and develop a cloud data protection strategy that takes control of your data to avoid expensive mistakes.
What other data threats do organizations face? Tell us your thoughts in the comments.