By Michael Brown 1

With the full impact of the Heartbleed OpenSSL vulnerability finally receding, did people really think data was safe again on the internet? Managed services providers need to be ready for customer questions about the safety of cloud-based file sharing technologies and other cloud applications.

eBay is the most recent popular website hacked for its database of customer data.  Surely, it won’t be the last.  Online marketplaces are an attractive target for cybercriminals mining for our personal data.  Rather than wait and see which platform is the next to get hit, MSPs can take this opportunity to learn some cloud security lessons from these information breaches.

In the case of eBay, hackers were reportedly seeking out username and password information. Other popular online entities that have recently reported security breaches include Target, Living Social, and Apple, companies with huge databases that contain private customer information. With the expectation that the public’s use of cloud applications will continue to grow, we can expect to see these attempted breaches follow the same path.

For businesses that utilize public clouds and/or popular cloud applications, these security breaches are especially alarming. When leading websites can’t protect their own data, how can businesses expect their MSPs to do so?

In order to help businesses feel confident about their continued use of cloud applications, providers need to present a system that allows organizations to remain in control of their private data. Using various security tools can help. For instance, employing encryption and tokenization on data while it is still behind the corporate firewall  offers another level of protection.

With encryption, the company alone has the key to decode the information. Tokenization technology can substitute sensitive data with a non-sensitive data that has no extrinsic value or meaning. The system can then be created to only send data to the cloud after both processes have been completed.

eBay had encrypted its financial data and, in this case, was unaffected. Still, if all data fields had been tokenized, as well, hackers would have found themselves working with meaningless data, rather than retrieving eBay’s private customer information.  For MSPs, the lesson should be learned to be proactive, not reactive, when ensuring the security of a company’s data before it reaches the cloud.