Comentários do leitor

How encryption could stop personal data exposures on the cloud

"Gena Cordeaux" (2020-02-20)


id="article-body" class="row" section="article-body"> An encryption product could improve cloud security. Getty Images What do a Peruvian movie theater chain and a payment service for US cannabis dispensaries have in common? Unsecured databases. In separate incidents this month, sensitive customer data from Cineplanet in Peru and THSuite in the US were found exposed on cloud servers without password protection. Identity theft experts say the global trend of exposures is just as concerning as hackers stealing data outright.

To ease the problem, whatsapp groups invitation links database software makers have been trying to make security easier for cloud database managers. On Monday, Kenn White, a security principal at database software maker MongoDB, will describe a new technique, called field level encryption, to make data safer on the cloud. The research will be presented at the Enigma Conference in San Francisco. Field level encryption works by scrambling data before it's sent to a cloud database and unscrambling it when the data is retrieved.

The promise of the product is to protect the contents of a cloud database, even if bad guys access it. The feature has been available on MongoDB's open-source product since December, as well as for customers of the company's corporate products. MongoDB's new feature comes as more and more companies move user data to cloud servers, rather than run their own costly data centers. In April, Gartner projected that cloud computing would be a $214 billion industry by the end of 2019.

That was up more than 17% from 2018, when it was $182 billion. Companies have rushed to the cloud without understanding all of the security implications. Many companies have left countless databases exposed, revealing personal data that has included records from drug rehab centers. A database containing details about who lives in 80 million US households was left unprotected in 2019, as was data on Facebook users and the anticipated salaries of job seekers.

Now playing: girls whatsapp group links Watch this: The Trump administration and whatsapp groups invitation links Apple are set for a new... 3:27 The seemingly endless exposures -- the result of a failure to password-protect a database -- have inspired an army of security researchers who hunt down countless exposed databases containing Social Security numbers, passwords, personal histories and other details that shouldn't be accessible to just anyone with an internet connection. Data on the cloud should be password-protected by default, says Chris Vickery, a security researcher who looks for database exposures at UpGuard.

Often, though, it isn't. "There's so many different platforms out there these days," Vickery said. "From one to the other, you're going to have varying levels of default security." Sometimes the person setting up the cloud database will inadvertently turn off password protection, said White, the MongoDB executive. Maximum security storage MongoDB's field level encryption might encourage some companies that don't use the cloud to consider it.