Skip to main content

See also:

Cloud Security Lessons From the eBay Breach

eBay Logo
eBay Logo

If you use eBay in any capacity, you may recently have received an email asking you to change your password. The online seller is just the latest example of a popular website hacked for its valuable customer data. In eBay’s case, it was for username and password information. Coming on the heels of the publicity surrounding the heartbleed virus, many are not surprised to hear another big-name website experiencing such an incident.

Target, Living Social, Dropbox and Apple are other popular sites reporting security breaches in recently. These sites are targets of cybercriminals because of the large amount of private data they hold. These sites are a virtual treasure trove for the hackers that can gain access. As the use of public cloud applications increases, we can expect to see these types of aggressive cyber-attacks to continue.

Security breaches are especially disconcerting to businesses already utilizing these sites or other popular cloud applications. Business leaders and IT departments may ask – if these leading websites/providers can’t protect their private data, what are the options? For those wanting to confidently capitalize on the cloud without sacrificing data privacy, there are options that allow organizations to maintain control, while securing data at the same time.

One option is to use a type of cloud security software called Cloud Data Control Gateway (CDCG). A Cloud Data Control Gateway secures sensitive data while it is still onsite, behind an organization’s firewall and then sends it to the cloud. Two methods that the gateway uses to secure data are tokenization and encryption. With encryption, the enterprise owns the keys; with tokenization they own the token vault. Both of these methods make data stored and processed in the cloud useless to hackers of the website or cloud application.

In eBay’s case –their financial data was not affected because it was encrypted, good news, but if all data fields were encrypted the hackers would have accessed completely meaningless data instead of private customer information. This is the key lesson for organizations sending data to the cloud. Now is the time to take the opportunity to learn how cloud security software protects all data before it goes online.