I know the biggest things going on around California right now are the drought, the SF Giants being in the world series, and that Coach Jim Harbaugh may be leaving the 49ers next season, but there is one other thing that should be added to the list, data protection. Any Californian who has experienced a breach in the past is probably yelling out the California motto right now, “Eureka!”
With the emergence of cloud applications comes the need for a total data protection approach to security. Given the recent government movement around data security i.e Obama’s new bill on credit card security, following the Target, Home Depot and JP Morgan breaches, state law makers are beginning to get the picture as well.
Major changes need to be made in the way that businesses secure the sensitive data of their customers. In industries like healthcare and finance the need is even GREATER as there are regulations like HIPAA and Safeguard’s Rule that companies need to comply with.
The Golden State has taken data protection head on. California governor Jerry Brown has recently approved a bill extending the data protection responsibilities for businesses within the state from companies that “own “and “license” personal information about California residents, to companies that “maintain” information as well. This means that companies that use cloud vendors such as Salesforce, Office 365, Google Apps and Box need to make sure that all customer data is protected within their 3rd party’s cloud.
If you have been keeping up with our blogs you will have seen that cloud apps have several security holes that need filling. These holes include: too many passwords needed, no ability to monitor for suspicious activity, data leakage and inadequate security for lost mobile devices. Companies now need to start looking at options for securing the cloud apps that they employ.
I wouldn’t be surprised if these bills begin getting approved in other states around the country as well. So for companies who store customer data in the cloud, and use cloud applications, but still don’t see this as an URGENT need, realize that sooner or later you will have to deploy added security for those apps. Or risk breaking the law. It’s just a matter of time.