Last week, the second-largest U.S. health insurer, Anthem, announced that as many as 80 million customers had their account information stolen. Not much is known about which systems were hijacked, but Anthem said all of its businesses were affected, so it's easy to figure that the attack was far-reaching.
"'The names, addresses, birth dates, and Social Security numbers stolen from the Indianapolis-based insurance giant are gold for criminals,' said James P. Nehf, a professor of law at the Indiana University Robert H. McKinney School of Law in Indianapolis," USA Today reported.
Once again, there is a major data breach on internal servers.
Those who promote cloud computing can get a bit arrogant about outages and breaches, which are few and far between on the cloud. However, considering that only 1 percent of our data and applications are in the cloud, it's clear that cloud systems have yet to be truly tested. Their day will come.
The common pattern around the recent data breaches is that hackers simply exploited vulnerabilities in traditional systems that the companies did not take steps to address. I suspect thousands of systems out there have the same kinds of vulnerabilities, so more data breaches are coming.
Those who deploy cloud systems can learn a lesson from these breaches: Security needs to be systemic. Security can't be a bolt-on at the end of the build process. Instead, it must be continually updated during the life of the system. The effectiveness of security depends wholly on the planning and technology applied to the problem, for both cloud and traditional systems.
Let's get a clue and provide better security from the start, no matter where your systems are hosted.