A couple of weeks ago we learned about a serious data breach containing the personal details of 50,000 Australian employees. Affected organisations included AMP, Rabobank, UGL, Department of Finance, Australian Electoral Commission and the National Disability Insurance Agency.
It takes 20 years to build a reputation and few minutes of cyber-incident to ruin it ― Stephane Nappo, IBFS Global Chief Information Security Officer, Société Générale
In this particular case, a third-party contractor who works for these organisations misconfigured an Amazon S3 bucket which stored the databases. Not only do organisations need to ensure that their own in-house IT systems are secure, they also need to ensure that any third-party systems which have access to their data are secure. This has huge implications for the up-coming mandatory data breach disclosure laws.
There is no denial that cloud systems are here to stay and anyone who doesn’t get on the bandwagon will be left behind. However, cloud is a relatively new technology and new technology requires a fundamentally different approach when it comes to security. Many of the legacy principles don't translate well to the cloud, especially when it comes to security. A holistic approach combined with the right security tools available for each cloud platform is the key.
In the data breach example above, the third party contractor should have considered using a specialist tool that integrates with Amazon VPC and monitors for security flaws/holes in the implementation. Tools such as “evident.io” would have easily prevented this serious data breach.
Treating cloud security as an "out of sight, out of mind" matter is a recipe for disaster - Vlad Tsyrlin, Director, Exigence
Adopting cloud technology means staying competitive and agile. Biotech, Pharma and Life Sciences organisations are used to being innovative and on the forefront of technology. Using the best that cloud has to offer need not be risky if the right approach is employed. Sensitive patient/trial data as well as high-value intellectual property can be successfully stored on a cloud platform in a secure and protected environment, thus improving mobility and facilitating collaboration. Securing this information is the key to further progress and the continuing adoption of the technology by these organisations.