+1 (650) 356-8500 info@scality.com

The Blame Game in Data Breach

We can spend a lot of time—and hot air—looking for the specific vulnerability or the specific person who was responsible for but didn’t apply some specific patch or update that could have prevented it. That, unfortunately, is looking at the problem in a way that won’t result in a real solution. I’m not excusing vulnerabilities, and I don’t in any way want to discount the impact that data breaches have on businesses and individuals: it’s easy to see the effect on companies, and I’ve been the unhappy victim of identity theft in one of the well-publicized breaches myself.

It’s in the Numbers

Yahoo still tops the list, in terms of the number of people affected. Yahoo disclosed in 2016 and 2017 that that three billion accounts had been compromised in 2013 and 2014.  The impact on individual, let’s call them “end-victims” was huge, as their names, addresses, telephone numbers, birth dates and security questions were all exposed.  The impact on Yahoo itself is sobering: in the midst of an acquisition at the time, the financial hit was easy to see as an estimated $350 million was lopped-off their selling price. (Reference — https://www.csoonline.com/article/2130877/data-breach/the-16-biggest-data-breaches-of-the-21st-century.html, October 11th, CSO Magazine)

While not the largest, the Equifax breach really hit hard, as, by their own account, Equifax aggregates information on over 820 million individual consumers and 91 million businesses around the world. ( http://www.equifax.com/about-equifax/company-profile October 24, 2017). And we trust(ed) them. They’ve got it all.  In fact, when my identity was breached in a low-tech phishing scheme in which someone in the accounting department of a former employer of mine handed thousands of employee W-2’s over to an imposter CEO, Equifax was one of the three credit reporting agencies I rushed to to lock-down my credit. To protect myself.

2017 has been a very big year for hacks and breaches.  Verizon and Equifax are probably the best-known (and perhaps the largest), but there have been countless others: Hipchat, Wonga, countless healthcare and other organizations hit by WannaCry. Even the dark web got hacked in 2017: when Freedom Hosting got hit, the breach took down one fifth of the dark web. (ZDNet, September 20, 2017 – http://www.zdnet.com/pictures/biggest-hacks-leaks-and-data-breaches-2017/2/).  Credit cards, social security numbers, private photos, intellectual property – it’s all vulnerable.

Breaches are going to happen.  We need to take a step back and do the right thing.  Store data securely so that when a hack happens, the data is protected.  A well-designed storage solution will take into consideration compliance needs and implement proper security protocols and best practices in the <architecture.

Security Regulations Offer Real Guidance – Not Just Red Tape

Compliance regulations have a foundation in reality, even if sometimes they can feel onerous. Some commonalities across different regulations describe basic, commonsense safeguards:

  • Role-based Access – Not everyone should have privileged access to sensitive information in an organization. Rose-based access that provides appropriate levels of access for users, administrators or others is a basic safety mechanism for controlling access to sensitive data.
  • Data Encryption – At rest (while stored) as well as while data is in transit — when uploading and downloading data.
  • Data Integrity – Ensure that protections are in place to prevent data from being tampered or altered (intentionally or unintentionally).
  • Network Security – Firewall rules and network segmentation to protect systems and services.
  • Auditing – Record all transactions and changes made to data and access privileges.

Secure Storage

We can help. Scality RING can be a strong ally in your plan to meet data availability, retention and security requirements. And, you can use its multi-geo options to distribute data across availability zones to ensure data access even when an entire data center—and even part of another—are lost.

NASA

Tyna Callahan

Tyna Callahan

Sr. Director of Communications

News & Events

NEWS

Introducing RING8 with XDM

Intelligent data storage and orchetration for large-scale hybrid cloud

BLOG

Bulletproof Storage

A perfect example of digital transformation

EVENTS

Events & Webinars

Meet with Scality

 

Get a Live Demo

Request a demonstration

 

SAN FRANCISCO, USA

555 California Street, Suite 3050
San Francisco, CA, 94104
Email: sales.us@scality.com
Telephone: +1 (650) 356-8500
Fax: +1 (650) 356-8501
Toll Free: +1 (855) 722-5489


PARIS, FRANCE

11 rue Tronchet
75008 Paris, France
Email: sales.eu@scality.com
Telephone: +33 1 78 09 82 70


WASHINGTON, D.C., USA

43777 Central Station Drive, Suite 410
Ashburn, VA 20147, USA
Email: sales.us@scality.com
Toll Free: +1 (855) 722-5489

BOSTON, USA

50 Milk Street, 16th Floor
Boston, MA 02109, USA
Email: sales.us@scality.com


TOKYO, JAPAN

Otemachi Bldg. 4F, 1-6-1, Otemachi
Chiyoda-ku Tokyo, 100-0004 Japan
Email: sales.japan@scality.com
Telephone: +81-3-4405-5400


LONDON, UNITED KINGDOM

20 St Dunstans Hill
London, United Kingdom, EC3R 8HL
Email: sales.eu@scality.com
Telephone: +44 203 795 2434

Share This