How do you address data security in the Cloud? specifically, how confident are you that your privacy data is properly protected?

Cloud, Security - Its protected decently in that we have done much to exercise existing security configuration options.  New vulnerabilities and Facebook I’m not so sure.  Internal threats at the cloud provider, as seen with the Capital One / AWS event, leave even aggressively secured environments vulnerable to those with the keys.  To ensure a company keeps running, some people, not everyone, needs to be trusted with critical access.  Even a few doctors break from their code of ethics.  If that company shuts down, then my data no longer has a steward and can be sitting on some server anywhere on Earth.  Most of that data is benign but sometimes, sometimes, it’s my old Blockbuster rental list, which I would not be able to explain away.        

6 comments

https://www.pulse.qa

Pulse User

Its protected decently in that we have done much to exercise existing security configuration options.  New vulnerabilities and Facebook I’m not so sure.  Internal threats at the cloud provider, as seen with the Capital One / AWS event, leave even aggressively secured environments vulnerable to those with the keys.  To ensure a company keeps running, some people, not everyone, needs to be trusted with critical access.  Even a few doctors break from their code of ethics.  If that company shuts down, then my data no longer has a steward and can be sitting on some server anywhere on Earth.  Most of that data is benign but sometimes, sometimes, it’s my old Blockbuster rental list, which I would not be able to explain away.        

Pulse User

Casb and dlp and lots of SIEM rules..

Pulse User

I'm confident because we isolate user's data as much as we can

Pulse User

This is a good practice. 

Pulse User

Encryption and controlling access

Pulse User

Encryption, access control, and DLP