This year we have seen numerous issues resulting from human error. The configurations for applications and services has led to numerous data breaches. As with most emerging technologies, Docker Containers and Amazon S3 Buckets have proven a challenge for which a learning curve should be applied. In the move to embrace cloud based services organizations have jumped at the opportunity to be part of the leading edge. Recent disclosure for the exposure of 93,000,000 patient files in California is an indicator of how things can take a turn for the worse rather abruptly (Barth, 2019).
While the HIPAA Security Rule (NIST SP 800-66 Revision 1) is labeled as “Introductory,” NIST SP 800-144 (Guidelines on Security and Privacy in Public Cloud Computing) spells it out in a direct fashion. “Reducing cost and increasing efficiency are primary motivations for moving towards a public cloud, but relinquishing responsibility for security should not be.”
The burden for securing these new technologies lies with those in charge of securing the data. Configuration of applications and services is being brought to the light this year, and the management of security services will truly benefit in following years. This demonstrated need to understand security risks is a direct result of the likelihood of misconfigurations and the severity of the breaches they led to.