Let us face reality, data security is fairly more than a wish or a target. If you trust any app, data storage or infrastructure is totally safe, we need to talk about the idea of continuity and responsibility.
Security goes beyond the structure provided by cloud computing, it needs to be considered a process of continuous work and with shared responsibility among everyone in an organization.
Real examples of financial and reputation impacts in great companies
In the year 2014, Sony had approximately 1,5 terabytes of data stolen, in other words, new episodes from the series Game of Thrones and other relevant information were leaked. How does a leak of this proportion go by unnoticed?
Yahoo had one billion user accounts hacked in 2013 and in June of 2017. Government websites in four states: New York, Maryland, Ohio, and Washington were invaded, anti-American messages were displayed.
In all cases, what we have in common are the financial and reputation impacts on companies and institutions that know the importance of data security in their commercial strategies. Due to that, they make great investments in top technology, regardless of being in the cloud or not.
The question that arises is how public organizations and private companies suffer from incidents with this proportion, even being aware of the issue and investing so much?
Data security is a challenge, not rocket science
The greatest data security challenge for companies, regardless of their size or sector, does not depend only on the available infrastructure or authentication processes. A simple and naive click on an email message by a well-intended employee can cost years of effort and millions of dollars invested.
At Amazon for example, the investment in network tools, software solutions, certifications and compliance is a priority and is offered to all customers of every size, sector, and country. Cloud computing does not treat data security like rocket science, therefore, a continuous and participative process is incorporated to face this challenge.
Sharing the responsibility happens due to the necessity that every person must do their part. Besides all the necessary infrastructure to ensure security, companies and their employees need to respect policies and processes made to reduce the risk of security incidents.
Besides preventing, it is necessary to know how to approach situations as the ones mentioned in the beginning of the article. Being able to identify occurrences is part of the continuous improvement process and it shows us that companies are preoccupied with data security, therefore, using all the resources on it continually.