Following the exposure of the Sony PlayStation 3 security flaws – and with so much of our data stored online – are we making it too easy for criminals to get hold of our information? Phil Beckett, director of the Disputes & Investigations team at Navigant Consulting comments:
“The cloud opens up companies to large scale risks. If the entire system is cloud-based, as opposed to just a connection to the internet from your systems, the scope of risk and potential attack will be greatly increased. There is also the added third party risk as you will be trusting a provider to supply and maintain the system. How do you know you can trust the provider and its employees? Can you trust the design? It is important to ensure that the appropriate controls are implemented, monitored and tested. It is also important to consider segregating sensitive data, to ensure that more stringent technological measures can be applied to that data.”
“Most importantly and what can often be overlooked, is that appropriate procedures must be implemented to ensure that any breach can be readily investigated. As such companies should ensure that relevant data can be captured quickly and securely, log files are maintained to be interrogated and finally, that appropriate change management procedures are in place.”
