“Keep it secret, keep it safe.” Gandalf uttered these words to Frodo Baggins moments after leaving him with the one Ring. These words would become Frodo’s marching orders throughout the duration of his journey to destroy the Ring. Countless gave their lives in the quest to rid the world of its horrors, all under the mission statement of Gandalf’s wise words. Not too recently, in the real world, several companies and institutions issued a similar warning to business and clients—keep it secret, keep it safe.
Last week USA Today reported that “the names, addresses and phone numbers of millions of Verizon customers were publicly exposed online by one of the company’s vendors.” Verizon confirmed that about 6 million customer accounts were made publicly available in the leak, all due to a mistake by one of their vendor’s employees. This employee, after uploading the information to the cloud, made it externally accessible, meaning that any cloud user could potentially access the private data. Thankfully, according to Verizon spokesperson David Samberg, “There has been no loss or theft of Verizon or Verizon customer information.”
Leaks like these are not uncommon, and more often than not, are the result of human error. Like in the case of the Verizon mishap, cloud leaks result from negligence and ignorance on behalf of employees. The Republican National Committee recently experienced a similar leak. One report notes, “RNC contractor — Deep Root Analytics — had failed to ensure that the voter files stored on an Amazon cloud account were not available to public access.” The unsecured, unprotected was an easy target.
The unfortunate reality is that leaks like those at Verizon and the RNC will only continue to happen unless companies take steps to protect their clients’ data. One option, an increasingly popular one, is to continue to automate cloud security processes. Because leaks are often times the result of human error, the best way to prevent them is to remove this possibility entirely. Users who make errors like the ones noted above may accidentally click the share with “Everyone” option when uploading the files, though he or she may intend to share it with another group on the access list. If the uploading and securing processes were automated, it is doubtful these leaks would have occurred.
Sanjay Beri, CEO of Netskope, a cloud security company whose mission is to “evolve security for the way people work,” says that everyone who works in the cloud for a given company must be on the same page. Cloud related leaks happen when users are not working together, and when miscommunications occur, errors follow. Not only this, but according to Beri, about 2,500 of the 25,000 available cloud storage systems are suitable for use by clients. Thus in order to protect sensitive data stored on the cloud, businesses must properly train their employees and also select the proper cloud storage system.
Lest these risks deter businesses from utilizing the storage capabilities of the cloud, these systems are still the best way to store and protect large quantities of data. As long as updated technology and automation processes are in place, cloud storage systems are secure and reliable. Or, as Gandalf would put it, they “keep it secret, keep it safe.”