Last week, Ars Technica broke news about an information leak in Docs.com, Microsoft’s version of Google G Suite. Users unwittingly shared sensitive docs publicly that contained private data easily accessible from search engines. Microsoft is taking corrective action, but for those who’ve had their Social Security and health information hijacked, these actions are of little consolation. Like Mitch Ratcliffe said in 2009, “A computer lets you make more mistakes faster than any other invention with the possible exceptions of handguns and Tequila.” Eight years later that quote still holds true. When accidents happen in the cloud, the consequences can be devastating.
Just waiting to happen
Days ago, a security researcher noticed that Microsoft’s free document-sharing site, which is tied to Office 365, had a search bar on the homepage. The whole point of Docs.com is to share documents within your organization or to people outside of your organization, so in most cases, these files were meant to be shared, but not necessarily with the entire world. Search engines indexed all the files within Docs.com, so you could do a simple search for say “passwords” and find all the shared documents with password information. This would all be laughable if the implications weren’t so serious.
“Doxxing” is internet slang for the release of private data online, often done by hackers and antagonizers with malicious intent. In this case, users were doxxing themselves, and Microsoft deserves part of the blame too. When personal health information and Social Security information is made public, the consequences are stubbornly irreversible. Bank accounts can be opened, liquidated, and closed and illegal activities using your private information can surround you for the rest of your life. This situation is a trainwreck, or better yet, a car wreck.
Friends don’t let friends use the cloud irresponsibly
Driving is among the most dangerous things people do on a daily basis, but very few people refuse to drive because it’s dangerous. Instead, we’ve improved vehicle safety. We have seatbelts, airbags, and soft exteriors that allow the car to bear the brunt of the impact while preserving the valuable lives inside. The cloud bears a resemblance to driving: it’s indispensable but most companies are still using the cloud without a seatbelt. There are best practices and practical precautions businesses can take that make cloud use much safer, such as cloud security.
If an employee accidentally leaks private data, the company is responsible. Cloud security tools designed for cloud apps like Cloud Access Monitor can flag and quarantine sensitive data before it leaks. As far as security solutions are concerned, Cloud Access Monitor is even easier to do than buckling up, with API integrations with the most common cloud apps, including Microsoft Office 365, OneDrive and Google G Suite. And deployment is quick – less than 30 minutes – and users will never notice a difference, nor is there any impact on your existing infrastructure. You literally don’t even have to think about it after that.
Please use the cloud responsibly. Buckle up with Cloud Access Monitor.
See how we make Cloud Security Easy: Watch this brief video and then request your free trial.