(Page 2 of 2)
As O'Brien sees it, defense-in-depth strategies could have helped in the Vodafone breach. At no point in time should any single system weakness have yielded such important assets to a hacker, he said. And we can reasonably question why this kind of information was being stored on an insecure system in the first place.
"Unfortunately, legacy information protection tends to rely upon an outdated model of perceiving data as being 'in motion' or 'at rest,' and applying security controls only at the network perimeters, such as when that information is being attached to an email or externalized via a copy operation onto a portable media device," he said.
Even under the best circumstances, O'Brien said when this information is encrypted on the disk and transmitted in a secure fashion, a single system compromise can result in the complete failure of the defense system. Coupled with reliance upon a likely overburdened IT team member, this type of hack is the result.
"Hopefully, Vodafone will use this as an opportunity to revisit their data residency strategy, and determine if now is the time to transition their data strategy away from the technology model of 20-plus years ago," O'Brien said. "Cloud-based data storage, especially with modern security platforms complementing the excellent level of physical and network maintenance provided by cloud service providers, can make this kind of data breach a thing of the past."
Posted: 2013-09-17 @ 5:36am PT
Disappointing that you didn't do any fact checking on this article and allowed a vendor to take control of the article. Now the article is an advertisement for cloud storage - but that wasn't the issue on this compromise. It was an outsourced admin who did the damage. He would have had access to cloud storage too. Privileged users simply shouldn't have access to data. They don't need it to do their jobs. Even more so in the cloud. Cloud is great and has its place - just not relevant to this story.