At least make a token effort

I was talking to someone about data security yesterday afternoon, and mentioned the Mexican data breach where 93.4m citizen records were left in an unsecured cloud database – and immediately stolen – as an example of the carelessness people seem to experience when taking advantage of cheap web storage and processing.

Pretty much while I was having that conversation, this happened. A new record: 198m US voter records, terabytes of data. On Amazon. Unencrypted. Not even password-protected. Seriously?

Imagine the fine if that had been a UK research firm subject to the GDPR.

You can’t rely on Amazon – or Microsoft, or Rackspace, or your cloud provider of choice – to keep your data secure. Unless they explicitly say that they will protect it, it’s up to you.

Read the EULA in the one-inch-square box before you sign up. It’s not even a box on AWS, it’s a link. Read it here. It’s 6,400 words. So don’t expect to have your first instance up in 5 minutes’ time.

Now read the GDPR and the PECR.

Now you know who’s responsible for what. Yes, that’s right. You. For everything.

So please at least try.

 
