Data Breach

What is a data breach?

A data breach is any unauthorised access of information. It can be something as nefarious as data theft or something as unintentional as data leakage or information disclosure.

How does a data breach occur?

A data breach occurs any time information is viewed by an unauthorised party. A breach can be accidental (such as co-workers sharing hardware and one seeing information on the other’s machine), caused by malicious insiders/outsiders (such as the deliberate accessing of information to inflict damage or harm) or the result of a lost/stolen device that is unencrypted or unlocked and that contains sensitive information.

Who is responsible for a cloud data breach?

In most cases, the breached organisation or the specific data managers are responsible for a cloud-based data breach. It is possible that, despite their best efforts, data owners may fall victim to hackers, but in most cases, human error is responsible for security vulnerabilities.

What data protection solutions can you use in the case of a data breach?

In the event of a data breach, you want to secure your information, your people and your systems.

Information

The first step will be to secure your information by removing any publicly posted data from online. If data was posted inadvertently on your website, remove it quickly; if posted on other websites, search elsewhere to ensure that all versions or duplicates of the information have been removed.

People

The first step for your people will be to establish a data breach response team that can handle both the public-facing and internal components of the recovery. These teams may consist of legal counsel, human resources, IT, operations, investor relations, management and organisational leadership.

Systems

When data breaches happen, it’s critical to act quickly to mitigate the damage, strengthen any vulnerabilities, patch any openings and stop additional data loss. Take all affected equipment offline, but do not power it down until your forensic team has inspected it. Additionally, update the passwords and credentials of authorised users. Until you do so, your system will remain vulnerable if hackers gained access to login information.

How can you prevent a cloud data breach?

You can prevent data breaches and pass internal security audits by implementing several of the following safeguards.

  • Data classification helps you audit and inventory the data you have and the degree to which it needs to be protected. More sensitive data requires higher degrees of security.
  • Firewalls help separate one network from another and are the first line of defence for putting protective borders around sensitive information.
  • Data encryption offers one of the highest levels of virtual security; by masking sensitive data in cryptography, it prevents hackers from gaining easy access. Encryption isn’t foolproof, but it offers the strongest and most immediate line of defence against cyberthreats and data thieves.
  • Physical security also protects your data by limiting the access that employees, visitors and thieves have to hardware and network peripherals.
  • Cloud security services attend to large-scale cloud-based networks where data is most often stored. These services offer security protocols at the storage level as well as the endpoint level where data breaches can originate.

What are the consequences of a cloud security data breach?

The consequences of a data breach can be so all-encompassing that they pose a potential existential threat to some companies.

Regulatory compliance varies from region to region, country to country. If an organisation experiences a cloud security data breach, there are specific regulations about the manner in which potential victims are notified by the company and the timeline for notifying them and attempting to rectify the situation. Additionally, the company may face penalties if the notifications are not handled within the required window after the breach. Some jurisdictions also require the authorities to be made aware of the breach after the victims are notified in a timely manner.

If the company is large enough to do business in multiple regions or on multiple continents, the regulatory compliance can be time-consuming and convoluted. However, it is more than just a nuisance, because possible penalties, restitution and resulting lawsuits can cripple an organisation financially.

A cloud security data breach can also impede other business dealings. For instance, a data breach can compromise the sale of an organisation and its solvency as it may no longer be considered a worthwhile investment by a corporate buyer.

In addition to punitive results that can adversely affect a company’s solvency after a cloud security data breach, they may also suffer from widespread damage to their reputation. Data is the most valuable asset a modern company can hold and some companies’ entire business model is built on secure data storage, movement and utilisation. If a cloud-based company experiences a data breach, it results in a lack of confidence in their ability to manage their sole product or service line.

In short, a cloud security data breach can be financially and socially catastrophic for even the largest companies.

HPE and cloud data breaches

HPE is widely accepted as an industry leader in servers, storage, management and services that provide consistent and award-winning innovation and expertise.

HPE GreenLake for Data Protection

HPE Backup and Recovery Service is backup as a service designed for protecting on-prem networks, delivered through HPE GreenLake cloud data services, and for providing a comprehensive data management service that consolidates all data silos to deploy compute resources, provision storage and protect workloads with a single unified access and cloud operation experience. This service is designed to protect hybrid cloud and cloud-native workloads in a simple and efficient manner, with a global protection policy for consistent protection on-prem or in the cloud via a unified SaaS console.

It brings policy-based automation to protect your VMware VMs, Amazon EBS volumes and EC2 instances in a few simple steps, within minutes eliminating the complexities of managing your backup and recovery operations on-prem or in the cloud. There are no additional cloud gateways, agents, backup software, proxies, media servers or backup targets to manage and cloud storage is fully managed and scaled automatically by the service.

Threats like ransomware and malware are neutralised with built-in encryption, data immutability, dual authorisation and flexibility to store backup copies in an air-gap manner, making them inaccessible to cybercriminals. Organisations lower the cost of protecting data on-prem or in the cloud with consumption-based pricing and ultra-efficient data reduction technologies. HPE Backup and Recovery Service empowers customers to modernise their backup, protect their workloads easily and secure their data against threats like ransomware, all in a cost-efficient approach.