Companies today who leverage cloud providers should reevaluate what data is being stored, and if the data is being exposed to hackers or ransomware.
A recent example of this was where a cloud customer realized their data could be hosting potential protected and sensitive information that if disclosed to the authorities or media, could potentially bankrupt them!
Generally consumers frown upon their data being breached regardless of what information has been exposed and thus establish a lack of trust in their consultants, products, and applications moving forward. An example of this would be, personally identifiable information. This is also known as PII.
The challenge is understanding what information has been breached and how much has been exposed to potential hackers through spyware or even ransomware. It is better to know before the media coverage starts. It begins with the questions of what, when, where, how, and why?
Understanding what types of data you have stored in the cloud gives you a better perspective on what you need to prepare yourself for in the event of an incident or a breach of data. Having a Cybersecure Compliant Cloud Solution is key to understanding and answering all the questions previously mentioned.
If you have PII and link it, somehow within your applications or workloads with a relation to a given medical condition, then it becomes what's known as Protected Health Information. Protected Health Information or PHI, is protected under the US federal government under the code for federal regulations (CFRs) for HIPAA, HITECH, and OMNIBUS.
A scenario would be, where a software as a service (SaaS) provider leverages a cloud provider (CSP) and stores information regarding injury law. Which covers not only legal info and counsel, kept in confidence, but also includes medical information about the client. If the client realizes that his medical condition is now tied to his PII, and this information is in a breach, causing him to lose a case, or potential future employment, the individual can then pursue legal action against the firm and the SaaS provider, who resides on the Cloud Platform.
Thus, the discovery process begins. Having a cloud provider that can walk you through the discovery process based upon an accident or a breach is a key aspect of reducing the amount of exposure. Ultimately, that could be tied to a given SaaS developer or provider and inherently the customers who are tied to legal firms and their respective clients.