Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • IT Management
    • Storage

    Epsilon Data Breach Highlights Cloud-Computing Security Concerns

    By
    Fahmida Y. Rashid
    -
    April 6, 2011
    Share
    Facebook
    Twitter
    Linkedin

      As email-marketing company Epsilon continues to deal with the fallout related to the revelation that some of its clients’ customer data has been exposed to a third-party, it becomes clear that this incident affects all service providers as organizations renew their focus on data security. In addition, this latest data breach calls into question how secure information is within a cloud-computing infrastructure.

      Epsilon reported April 1 that it detected an “unauthorized entry” into its email system and discovered that email addresses and names belonging to a “subset” of its clients had been exposed to attackers.

      The company estimated that the attack affected 2 percent of its approximately 2,500 clients. Despite the size of the breach, some affected companies and customers have taken heart in the fact that the stolen data included “only” email addresses, as opposed to personally identifiable information, such as social security numbers.

      Still, it means customers are in for more spam, and that leads to questions about whether people can trust something as simple as an email address to a retail store or hotel chain.

      “Any company that is privileged to manage the information that a company maintains about its customers should be paying attention,” said Dave Frankland, principal analyst at Forrester Research.

      Most of the individuals receiving notification emails about the breach have never heard of Epsilon. The data loss doesn’t affect their perception of Epsilon. However, the breach has affected customers’ relationships to the name-brand banks, travel companies or retail outlets that have had to send out notifications that email addresses have been compromised, said Frankland.

      “Customers will surely start to wonder if they can’t trust these firms with their email addresses. [They ask themselves if it’s] really that smart to trust them with their credit card data, or with their mortgage,” Frankland said.

      The resulting loss of trust and consumers’ perception that companies shouldn’t have outsourced even the “innocuous” data may force organizations to reassess their marketing strategy. The kind of targeted marketing that Epsilon and similar firms do, such as marketing a mink coat to consumers in Ohio but not to Miami residents, is often beyond the organization’s capabilities. But now organizations have to recognize the risks to the brand and consumer trust by continuing to work with an external marketing provider, Frankland said.

      The Epsilon episode raises additional concerns about how secure any data is within a cloud-computing infrastructure, especially as the technology becomes more mainstream.

      Cloud adoption, while strong, has been hampered somewhat with concerns about data security in a multi-tenant deployment, and the Epsilon breach brought those concerns back to the forefront. A single system, when broken into, gives the perpetrator potential access to a wealth of data, Frankland said.

      Marketing providers are “always keenly aware” of the “vulnerability present” in a single platform where many clients share a common email-sending platform for list-management, email-campaign development, deployment and reporting, said Al DiGuido, CEO of Zeta Interactive and the former CEO of Epsilon.

      Email Service Providers, or ESPs, took “extensive measures” to manage the “unique challenges” inherent in a shared environment, DiGuido told eWEEK.

      Data security is a constant discussion point within every ESP, with “an incredible focus on tools, policies and monitoring technologies” to prevent unauthorized access to the email-sending infrastructure, DiGuido said. For example, it’s an industry best practice that personally identifiable information is never comingled with marketing data, so attackers can’t connect the two pieces of data, he said. Random security audits are performed to check for potential attack entry points. Each client’s information is also partitioned to keep the data separate and secured independently.

      From an “outsider position,” DiGuido thought it likely the attackers somehow compromised the application layer access codes, which tricked the application into thinking the intruder was authorized to interact with the system and databases. The partitions that separated individual clients from each other must have also been compromised,” he said.

      “It’s unclear as to how this could have been accomplished without having access to numerous client-specific access codes,” said DiGuido.

      While much of the focus has been on how to avoid future attacks, the risk to retailers and other organizations is “enormous,” Nicholas J. Percoco, senior vice president and head of Trustwave’s SpiderLabs, told eWEEK. “Blaming subcontractors managing the email system doesn’t address the central problem of preventing similar attacks in future,” Percoco said.

      DiGuido said it was the ESPs’ responsibility to work with peers to figure out collective ways to defend against these types of targeted attacks.

      Fahmida Y. Rashid
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×