Miscellaneous
One of the bigger stipulations in GDPR is that third-party service providers, including companies who run the ever-ubiquitous cloud, will also be responsible for following the correct protocols when it comes to protecting EU citizen data. Yet just as companies keep throwing everything into the cloud, we keep seeing errors in the way companies are safeguarding personally identifiable data. If you have been following the work of Chris Vickery, you know how easily these errors can be found. Vickery, Director of Cyber Risk Research for California-based Upguard, has been finding misconfigured cloud instances all over the internet. Just in the past year, Vickery has found openly discoverable cloud instances at places like a Florida credit monitoring firm, media behemoth Viacom, and even at the Department of Defense. Each finding had enough PII to keep privacy officers sleepless for weeks. While those incidents were all based in America, Vickery recently came across a similar breach at french marketing firm Octoly, which caters to European social media influencers. In a few weeks, Octoly's response to such a finding is going to possibly be under much more scrutiny. I talked to Vickery and Upguard CEO Mike Baukes about how they see these security incidents playing out under GDPR, and whether cloud providers will lead the way when it comes to breach response.