February 23, 2013

On January 29th we released our Hacker Intelligence Initiative (HII) report, which covered the Yahoo hack carried out through third-party code that was compromised via a cloud partnership. In the HII we raised the problem that organizations face when they include third-party alliance software or services within their own offering.

The cloud opens opportunities for businesses to grow by using third-party platforms and embedding those services within their own platforms, saving time and money and stepping up their offering.

Yesterday, in a blog post, Zendesk disclosed that they have been compromised and that the data of their customers may have leaked. Some of their customers are Tumblr, Twitter and Pinterest, as revealed by Darkreading. This means that if you are a user of these companies, your data might have been compromised.

What should companies do?

When a company builds its security model, it usually does not take into account elements that are not under its control, and that is what creates the security hole.

Companies should:

  • Implement policies covering both the legal and the technical aspects to control data access and data usage.
  • Require third-party applications to accept your security policies and put proper controls in place.
  • Monitor.

We are not saying that you should avoid third parties. These services are pure business enablers and help your organization drive revenue at lower cost. But when you use them, keep your security hat on!


Posted by Barry Shteiman at 04:24:23 PM

