BreachExchange mailing list archives

Kiwi firms exposing sensitive data to helpdesks


From: Lee J <lee () riskbasedsecurity com>
Date: Tue, 1 Oct 2013 13:34:26 +1000

http://au.news.yahoo.com/a/19187729/kiwi-firms-exposing-sensitive-data-to-helpdesks-expert/

A New Zealand IT specialist is warning Kiwis phoning cloud software
helpdesks that they may expose their data to unnecessary risk.

The CEO of Optimizer, Manas Kumar, says there has been a significant uptake
in New Zealand’s use of cloud services in recent years with many seeing
only the benefits of storing information in the cloud.

Kumar says, however, that New Zealanders still have a ‘desktop based
mindset’ when it comes to data security and this poses a significant threat
to their businesses.

In the past, helpdesk staff had no direct access to data stored on the
desktop and could only assist clients with general product issues.

Kumar says with the new cloud technology, helpdesk and support staff are
automatically able to view all customer, financial and other data in real
time when they are contacted with a query.

"We may go to great lengths to password protect our cloud data from being
hacked and yet there are situations when we expose too much of our
sensitive information to people we have never met," he says.

Kumar says Kiwis are still relatively inexperienced in terms of recognising
the potential downside of cloud software solutions.

Kumar says while business owners may have complex legal constraints
protecting sensitive data when working with an accountant or lawyer, it is
unlikely that such protections are in place with cloud software as a
service (SaaS) providers.

"Often the relationship with your advisers is built up over many years -
you know them personally and their reputation as an individual is closely
related to their practice.

"The same cannot be said about the guy you call on the helpdesk who in many
cases is not even based in New Zealand - and yet has access to exactly the
same sensitive information about your business."

Kumar says in many cases the best solution for customers is to forgo cloud
services and stick with desktop-based applications.

"There are some businesses where the potential for this damage is so acute
the only option for them is to stay out of the cloud," he says.

For other SMEs, Kumar advises them to firstly check with the SaaS provider
as to their policy on customer data access at the helpdesk level.

Kumar believes that eventually regulations may be necessary to ensure that
cloud services offer tiered levels of protection for customer data.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
