When Cloud Solutions Evaporate Security: Lazy configuration and lack of oversight

In this particular case, a third-party contractor who works for these organisations misconfigured an Amazon S3 bucket which stored the databases. Not only do organisations need to ensure that their own in-house IT systems are secure, they also need to ensure that any third-party systems which have access to their data are secure. This has huge implications for the up-coming mandatory data breach disclosure laws.

There is no denial that cloud systems are here to stay and anyone who doesn’t get on the bandwagon will be left behind. However, cloud is a relatively new technology and new technology requires a fundamentally different approach when it comes to security. Many of the legacy principles don't translate well to the cloud, especially when it comes to security. A holistic approach combined with the right security tools available for each cloud platform is the key.

In the data breach example above, the third party contractor should have considered using a specialist tool that integrates with Amazon VPC and monitors for security flaws/holes in the implementation. Tools such as “evident.io” would have easily prevented this serious data breach.

Adopting cloud technology means staying competitive and agile. Biotech, Pharma and Life Sciences organisations are used to being innovative and on the forefront of technology. Using the best that cloud has to offer need not be risky if the right approach is employed. Sensitive patient/trial data as well as high-value intellectual property can be successfully stored on a cloud platform in a secure and protected environment, thus improving mobility and facilitating collaboration. Securing this information is the key to further progress and the continuing adoption of the technology by these organisations.