Reading the recent news about hackers breaking into the U.S. government’s Office of Personnel Management, I had to wonder once again: Where and when does the threat to our data security end? Or does it ever end?
I think back to 2007, when we first heard about the TJ Maxx data breach that compromised at least 45.6 million consumer credit and debit card data records. At the time, it seemed like the worst thing that could ever happen to a retail giant and the customers who trusted their data to the company. But since then, the problem has persisted and even worsened.
In 2008, payment processor Heartland Systems suffered a breach that exposed information from 130 million credit and debit cards. In 2013, Target lost 40 million card numbers to hackers, as well as the personal contact information of 70 million customers. Just last year, Home Depot saw 56 million payment cards compromised.
And now, a massive breach of federal employees’ data is again raising questions of just how secure personal data can be.
The threats are growing — and the stakes are growing higher
If you’re an entrepreneur trying to grow a data-driven business, this is one of those things that’s going to keep you up at night — especially when you consider that we’re not only talking about more breaches, we’re also talking about data that’s potentially more valuable than ever.
Sure, credit card data is worth a lot to hackers, and when it’s compromised, that’s plenty of cause for consumers to worry. But what about other kinds of data? What about the increasing amounts of personal data that people freely provide to you and others in exchange for a better consumer experience? It’s worth a great deal to those of us who collect it legitimately (exactly how much is another story); unfortunately, it’s also worth a lot to those who access it illegally.
Reuters recently published a report pointing to the vulnerability of medical data in particular, noting that stolen health information, with its potential to be used for medical fraud, can be sold on the black market for 10 or 20 times more than a credit card number.
Where is consumer data actually safe?
It’s been pointed out that every major data breach in the last two years has involved an on-premise data center, rather than a cloud-based data environment. And that begs the question: If data is at risk in your company’s data center, is it safer in the cloud?
If you decide to respond to security threats in the data center by moving customer data to a private cloud, you’ll still have plenty of vulnerabilities and threats to worry about – at least a dozen and a half, according to one report.
Certainly, there’s a compelling case to be made that your data is more secure in a virtual private cloud operated by Amazon, Google, Rackspace or another leading provider. After all, they have the domain expertise that’s needed to deliver better data security — or at least they have more of it than the average retailer or other non-technology company.
And yet only last month, we heard about a new security threat called Venom that could infiltrate entire cloud networks. At least one report suggests it could potentially affect cloud-based data centers like the ones today’s top cloud providers run. And over the last year, there’s been news about vulnerabilities in the Xen Project open-source hypervisor that Amazon and Rackspace both use.
Thinking outside the security box
I’m confident we can beat back the threats to consumer data security. But I’m not sure we can do it using the same approaches we’ve counted on so far. I think we need new ways to look at how we store and protect data.
Maybe we literally put our data in the bank. I mean, what industry has greater safeguards around data than banking and financial services? The industry is regulated to within an inch of its life, with the Gramm-Leach-Bliley (GLB) Act, for example, mandating the security of the customer information financial institutions collect, and the Federal Trade Commission’s Safeguards Rule requiring the institutions to have measures in place for compliance with GLB.
Of course, the financial industry is by no means immune to attacks, as a recent PricewaterhouseCoopers report makes clear. What industry is? But if data’s not safe in companies’ own private data centers or clouds, and if it’s even vulnerable in today’s large private clouds, it’s equally clear that we need more alternatives for data security. Does that mean we put our data in the bank? Maybe. Maybe not. It is up to us, the entrepreneurs who are employing data for good, to define the requirements and help “data banks” of the future be ahead of the curve. There will always be a battle between good and evil, but we can’t let fear drive our progress. Educating yourself, building relationships with your data vendors and being inventive is a superior approach.
To view the original post, please visit Forbes.com.