A data breach at your cloud storage provider is a serious breach response challenge. As more and more organizations more data to the decentralized places like cloud storage, the implications on data breach response are enormous. One of the first pieces of data breach response, digital forensics investigation, becomes a huge technical issue. Seth Berman, Director of digital risk management at Stroz Friedberg, recently stated
“We regularly deal with incidents where data is scattered across servers in multiple physical locations or even on servers that may house other companies’ data. This makes forensic response complicated, slow or, in some cases, impossible,”
This can cause serious issues when you are talking about PII and PHI which are regulated by a web of federal and state laws. Proactive data breach response planning is key as Doug Pollack noted.
“A starting point to address this thorny issue comes in a recent report from Gartner Group on cloud contracts. Gartner has recommendations and guidance for companies to improve the provisions in their cloud contracts to address data breach risks and the processes for mitigating compromises and supporting the required data breach notification process. And then of course, there is the question of who bears the costs, and which costs.”