I don’t want to pick on one particular company, but the breach at Anthem hits pretty close to home — our industry is under attack. Should this surprise you? Absolutely not. What is particularly concerning is that these are companies that are spending enormous sums of money to stop these intrusions.
And are still getting hacked. JPMorgan Chase, Home Depot, Target, Michaels. I list these, not just as a reminder, but because I personally was affected by all four breaches. I’m on my third credit card in just over a year because every breach forces a new one. The JPMorgan Chase and the Anthem breaches are different and more onerous. In the Target breach, and others like it, credit cards were compromised. You can close a credit card account. In the recently disclosed Anthem breach — everything was lost. Name, Address, Social Security number, employer, net worth.
In other words, everything to steal your identity. I can’t close my life and open a new one. Is there a purpose to this rant? There is.
First, the technology exists — and is reasonably affordable — to encrypt this data. Is it a big project? Of course. Do you still want me to be your customer? How is it that in 2015 critical data about me is sitting in a data center and not encrypted?
Second, one of the biggest arguments against using applications in the Cloud is that having data in your own data center is more secure. Really? Seems not. I was recently discussing running a Life insurance system in the cloud with the CIO of a larger insurer. They put forth the ‘safer in my shop argument’, so I asked them a simple question: Is your budget for security larger than Google, Amazon or Microsoft (three of the largest Cloud vendors)?
After much thought, he replied that it was not, and our discussion changed paths. So maybe it is time to rethink the importance of your own data center. Beyond just security, is it your core competency to run a data center? Does it bring new revenue into your company to run a data center? Is it cheaper to run your own data center?
I believe the answer to all three is a resounding No. So when you are out looking for new applications and technology, I suggest it may be time, or beyond time, to think differently. Oh, and start asking your personal bank, credit union, insurance company, etc.: is my data encrypted?