CrowdStrike: Further Proof That Sensitive Data Does Not Belong in the Cloud!
The latest incident at CrowdStrike shows once again how fragile data security in the cloud can be. Regardless of whether it is a technical or human error, such incidents are unfortunately not uncommon and will probably continue to increase in the future.
When Will We Finally Learn from These Experiences?
It's time to realize that sensitive, personal and business-critical data does not belong in the cloud! And certainly not on Windows systems.
My personal experience illustrates this: In 2000, after the impact of the Loveletter virus on Windows systems, I made a decision for the young company ProjectWizards that has stood the test of time to this day: I switched to OS X, a UNIX-based operating system. In the 20 years that followed, there were no significant security incidents on our Mac OS X and macOS systems.
If Linux had offered more mature capabilities back then, it might have been an option for me. However, the decision proved to be the right one, as it offered a stable and reliable system.
The Cloud is No Guarantee of Security!
The CrowdStrike case shows that even renowned cloud providers are not immune to security vulnerabilities. Companies should therefore think carefully about what data they move to the cloud and what security measures are required to protect this data.
Or to put it more drastically: no security-relevant, personal or organizational data belongs in the cloud! And certainly not on a Windows system.
Alternative Approaches to Data Security:
- Local data storage: Storing sensitive data on local servers provides more control and oversight of access.
- Zero-trust architecture: Implementing a zero-trust architecture can significantly reduce the risk of unauthorized access to data.
- Encryption: Encryption of sensitive data, both during storage and transmission, is an important building block for data security.
- Regular security audits: Regular security audits can reveal vulnerabilities in the IT infrastructure and help to proactively address them.
Conclusion:
The CrowdStrike case should - once again - serve as a wake-up call. Companies must take data security seriously and protect their sensitive data in the best possible way. The cloud can be part of the solution, but it should not be seen as a panacea. Local data storage, a zero-trust architecture, encryption and regular security audits are other important factors in ensuring data security.
Disclaimer:
This blog post is intended as food for thought and does not constitute legal advice. Companies should consult an expert if they have any questions about data security.
If you have any questions about this blog article or would like to discuss it, we look forward to your contribution in our forum.