Clouds Blameless for Most US Data Loss

Written by Mary Jander
8/20/2012

If your organization is pointing a finger at cloud services for security liabilities, y'all might want to take a look at the three fingers pointing back. Some enterprises have only themselves to blame for security woes.

At least that's one potential takeaway from figures posted by the Privacy Rights Clearinghouse (PRC), a consumer advocacy group that tracks data breaches in the US. So far in 2012, it looks like a large number of online privacy violations can be laid at the doorsteps of financial services and insurance firms; educational institutions; and government agencies, particularly at the state level.

Let's get to the details: This year, the nonprofit PRC's research shows that 19,114,009 records have been breached in 447 incidents. Of those, 45 percent, or 8,677,588 records in 72 incidents, were attributed to unintended disclosure, defined by PRC as "Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail."

Another 7,027,673 records in seven incidents were breached as a result of what PRC calls payment card fraud, defined by the organization as "Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices at point-of-service terminals."

So in total, 82 percent of this year's breaches occurred as a result of these causes -- actual hacking; insider malfeasance; and the loss of physical, portable, or stationary devices containing important data account for the rest of the losses.

Analyzing these data breaches further, PRC shows that the majority of records lost via unintended disclosure of data were related to incidents in the sectors of government (nearly all at the state or municipal level), educational institutions, and financial/insurance service businesses. While the healthcare sector showed many incidents, the actual number of records breached was smaller than what was lost by these three top sectors.

Table 1: Data Breaches Due to Unintended Disclosures, 2012

Organization Type | Number of records breached | Number of incidents
Government and military | 7,963,875 | 13
Educational institutions | 428,528 | 19
Businesses (financial and insurance services) | 107,656 | 10
Businesses (retail/merchant) | 95,000 | 4
Healthcare/Medical providers | 80,491 | 18
Businesses (other) | 2,038 | 8
Source: Privacy Rights Clearinghouse.

Interestingly, in May of 2012, Gartner analysts reported that use of cloud services in government could be considered "moderate," mainly involving "private cloud, email, and some SaaS." Insurance companies are also moderate users, mainly deploying clouds for "noncore applications and limited SaaS for vertical solutions."

Can cloud services be blamed for security problems within these sectors? That's certainly open to question. Indeed, considering the propensity for both government and insurance organizations to flub data handling, it may be wise for users in these sectors to think twice about using cloud services before addressing inherent security problems.

As for educational institutions, Gartner says these are "heavy" cloud users, deploying cloud for "email, collaborative and back-office SaaS/IaaS." But one has to question whether these schools can properly attribute their security woes to clouds. A visual tally of the source of each breach indicates that at least 11 of 19 were directly attributable to human errors. Here are some examples:

University of Virginia. Human error was blamed for making between 300 and 350 transcripts from Summer Language Institute applicants visible on the campus Website.

Columbia University. A programmer accidentally posted a file containing the names, Social Security numbers, addresses, and bank account numbers of a total of 3,000 current and former university employees and 500 proprietors for a period between January 2010 and March 2012. It appears that the file was not accessed anytime between January 2010 and March 10, 2012.

University of Alabama. Social Security numbers and academic records were accidentally posted to the campus Website, affecting 8,000 undergraduates who attended the school between 1995 and 2006.

None of my conclusions can be considered scientific. And at press time, Gartner report co-author Daryl C. Plummer had not responded to my phone or email requests for further clarification. Still, what emerges from my armchair research causes this observer to look twice at fingers pointing to the cloud as a security liability.

— Mary Jander, Executive Editor, Internet Evolution

Mary Jander
Monday August 27, 2012 10:06:00 AM

True, slfisher. And it looks like security personnel aren't focused enough on the screen-to-chair space!

slfisher
Monday August 27, 2012 9:44:08 AM

It's why all the Black Hat presentations and so on focus on social engineering. You can make the software and hardware impregnable but as long as people are involved, there's a risk.
