Despite rising cloud adoption rates, data privacy continues to be a big concern for many organizations. In fact, a recent CipherCloud survey of IT professionals found that 56 percent were worried about data privacy in the cloud.
While cloud storage services such as Dropbox, Box, Google Drive and Microsoft SkyDrive are adamant that data is kept private under their policies, a recent blog post by Forrester analyst Mike Gualtieri explained that these policies are not what should concern users. Instead, he argued, careless programming is a major threat to cloud security.
“The security measures employed by these file-synching and sharing services are all well and good, but they can be instantly, innocently neutered by a distracted programmer,” Gualtieri wrote. “Goodbye privacy.”
He presented a scenario in which a programmer might copy and paste login code for the service in such a way that an incorrect login would still be able to gain access to the data. Gualtieri was adamant that, to calm data security fears, cloud providers should inform users about their testing processes as well as their authentication and encryption methods as part of their pitch to show that they are serious about privacy. Companies that use processes such as static analysis to strengthen their code can win consumer confidence.
“Tell me how your testing processes will catch coding errors that could compromise the security of my files,” Gualtieri wrote.
Security news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.