December 23, 2010, 2:29 PM — What might be the first major cloud data breach happened Wednesday. Microsoft announced that data contained within its Business Productivity Online Suite (BPOS) has been downloaded by non-authorized users.
You'd better get used to this kind of thing because we'll be seeing a lot more of it in the future. All any of us can do is pray we're not a victim.
The knee-jerk reaction might be to blame hackers, but that's not so here. The breach was down to an unspecified "configuration issue" in Microsoft's data centers in the United States, Europe and Asia. The Offline Address Book component of BPOS, which contains business contact information, was made available to non-authorized users in "very specific circumstances," according to Clint Patterson, the poor guy at Microsoft who's having to apologize for the mistake.
The problem was fixed two hours after being discovered (how long was it open before that?), and to Microsoft's credit it has tracking facilities in place that allow it to clean up the mess by contacting those who downloaded the wrong data.
However, the whole affair will feel like a stomach punch for anybody considering cloud adoption in the coming year--especially those considering Office 365, Microsoft's major cloud offering that ties into its Office suite.
As far as I can see, there are three basic threats that could lead to data leakage when it comes to cloud computing offerings from any vendor:
1. Misconfiguration of cloud service software, or bugs within the software;2. Hackers stealing data, for fun or profit;3. Employees being careless with data.
The third issue is nothing new, and employees with access to any sensitive data have always had the opportunity to pass it accidentally on to the wrong people. Think about all those e-mail disasters where the wrong attachment was sent, or where e-mails were accidentally forwarded to the wrong parties.
Mix humans and computers together, and there will always be issues.
However, cloud computing presents unique opportunities to mess up royally. Many cloud services make it very easy to share data with either individuals or the entire Internet. This is part of the reason cloud services exist; they allow collaborative working.
