Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • Database
    • IT Management

    Honda Data Breach Highlights Need to Set Strong Cloud Security Policies

    By
    Fahmida Y. Rashid
    -
    January 24, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Corporations partnering with cloud service providers need to think carefully about what data is being shared to adequately protect consumer privacy, according to security experts.

      As companies outsource various business functions, which can range from e-mail marketing to e-discovery and e-mail archiving, it’s important to remember that the data leaving the corporate network still needs to be protected. The protection should be worked in to the contract, ensuring a standard level of security, before the company hands over the data.

      There are many benefits of the cloud, but “all that goes out the window when there is a data breach,” Ben Goodman, principal strategist for identity, security, and compliance at Novell, told eWEEK. When the cloud provider gets breached, the company that hired the provider is help responsible, he said. Companies “outsource the job, not the responsibility,” Goodman added.

      That was the case when an e-mail marketing firm that Honda partnered with had a data breach in late December. Criminals stole a database containing names, login names to a Honda portal, e-mail addresses, and 17-character Vehicle Identification Numbers for 2.2 million Honda customers, according to a Dec. 28 report in Columbus Dispatch. A separate list of 2.7 million Acura customer e-mail addresses was also stolen from the same marketing firm, but that list did not have any other customer data.

      The inclusion of VINs in the stole data was surprising, as Honda shared its customer information with the firm for e-mail marketing services. People understand that a certain level of “data granularity is required” when the data is stored on-premise, but when that information “crosses the firewall,” it’s not acceptable, said Goodman. Enterprises should be exercising “minimum disclosure,” and not giving external providers “more data than they need,” he said.

      Enterprises are “not as concerned as they should be,” about how other providers are using their data, Brian Singer, senior security management solution manager at Novell, told eWEEK. Honda’s relationship with the e-mail marketing provider was analogous to the one an enterprise would have with a cloud provider, Singer said, and similar rules applied. Enterprises need to be careful what data they provide to cloud service providers, because the providers may not have the kind of security controls that would exist internally, he said.

      “Don’t take for granted the provider will secure the data,” Goodman said.

      Companies should discuss security measures such as access control, network monitoring, and regular audits when negotiating the partnership, Singer said. It should be clearly part of the contract that the provider needs to make sure the data is being secured, he said.

      There is no reason to just hand over the information as is to the provider, said Singer, just because it might have taken some extra time to remove unnecessary data fields from the files. Prior to sending the data, it needs to be examined to verify that the bare minimum of what the provider needs is sent, and nothing else, he said. In Honda’s case, the VIN numbers clearly were unnecessary for the firm to send customers a Welcome email after they bought the car at a dealership, or created an account with Honda Financial Services.

      Cloud applications deployed “under radar” without IT approval or supervision are also a challenge for IT managers who need to ensure proper data granularity, Goodman said. “All the effort to put in access control and security” measures are compromised when the data is being passed on to these cloud applications without thinking about whether it’s really necessary to share all that information, , Goodman said.

      Another concern with cloud service providers is the fact that they are multi-tenanted, Singer said. It is difficult for the enterprise to know the extent of a data breach that hits a cloud service providers, whether the data of one company or multiple companies were compromised by the breach. “Companies don’t know which companies are affected,” he said.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×