Naked selfies are all the rage these days, but this post isn’t about that. It’s about privileged data, however you define it. It’s the stuff you need to control, that not just anyone (maybe even no one) can be allowed to see. It could be financial data, medical information, legal documents, intellectual property or—yes—pictures of your naughty bits.
When we click that we have read and understood the Terms of Service for a cloud app (you do read the Terms of Service agreement, don’t you?) we’ve made a binding decision about our privileged data in the context of each cloud service we use. Cloud service providers operate under the assumption that a data breach is inevitable. Even if they’re confident in their own security, they know users are notoriously sloppy when it comes to their habits.
Mistakes happen and there isn’t a single cloud service out there that does not indemnify itself from any liability in the event of a breach.
In the world of enterprise IT, we want to believe the rules that apply to consumers shouldn’t apply to us. Should there be an expectation of security in Workday beyond what is provided in iCloud? That’s an interesting question. When was the last time anyone talked with their SaaS provider about the indemnity clause in their contract?
The pictures of naked celebrities leaked this week represented highly privileged data to their owners. They were taken in private and with an expectation of privacy. Something went wrong, but because the compromised data was photographs of female celebrities, much of the attention paid to the event has been misplaced.
Instead of nudity, let’s consider the data as if it were information stored within a company’s Salesforce.com environment. Perhaps easier if made personal: How much privileged data exists in your enterprise Salesforce instance? Which users have access to that data? Can you empirically prove the entities with those users’ credentials are the users themselves? What kind of damage would your organization suffer if that data fell into the wrong hands?
Maybe it helps to compare cloud services to parking garages. Some garages simply provide you with a place to park your car; the neighborhood might be sketchy, the lighting poor, and the attendants inspired by Ferris Bueller’s Day Off, but the price is right and you don’t mind the walk. Other garages are more expensive, but they are well-lit, staffed by security guards, outfitted with surveillance cameras, conveniently located and kept in tip-top shape.
While the latter might provide a greater sense of security, neither garage will take liability for valuables left in your car. The problem here is simply this: you deserve security, but security cannot be guaranteed.
You can’t be blamed for accidentally getting phished, but neither can you blame the service provider when it happens to you. In the cloud, as in life, there’s a lot of gray. Bad things happen to good people, but those who educate themselves about the risks and actively invest in mitigating those risks are less likely to become prey.