On Software Vendor Access to Customer Data

Monday, January 30, 2012

Ben Kepes


A mini firestorm broke out recently when 37Signals posted about their 2011 growth statistics.

As part of the post, 37Signals told the world that the 100 millionth file to be uploaded to their software was the picture of a cat. Naturally those who subscribe to conspiracy theories got all fired up and started to express massive concern about 37Signals being able to access customer files.

In a follow-up post, 37Signals advised that they only knew the 100 millionth file was a picture of a cat because the file name was cat.jpg, they also apologized profusely saying that;

Because the natural train of thought from there goes: Hey, if they saw the file name cat.jpg and shared it with the world, what’s to prevent them from sharing other data? Actual sensitive data, like Downsizing-Plans-2012.pdf? Hell, what if they’re actually looking at my secret new logo and leak it to the press?

That’s a completely legitimate train of thought to ride and it was our mistake to get it on track. So let’s start with first things first: We’re sorry. We made a mistake. We should have thought it through and remembered that storing your data with someone else in the cloud hinges on a fragile layer of trust. We poked that trust in the eye and it was wrong. We shouldn’t have checked the log files to see the name of the 100 millionth file.

The issue is a massive one for the industry and in a back-channel discussions a number of people made comments regarding how much of a risk to the cloud industry service provider access to data is. One person went on to say that this perception is poison to sales growth in the industry.

That conversation got me thinking – I’m involved in a bunch of different initiative which have a degree of service provider access to customer data.

I’m also aware of a number of vendors who, despite protesting that their employees cannot access customer data, have a global override option that does in-fact give people within the vendor organization access to a customer file – yes this access is audited, but it’s still there – no one will admit to it publicly, but suffice it to say it happens.

I’m actually pretty relaxed about that fact, despite it sounding scary. I’m relaxed about it for a couple of reasons;

A Cloud vendor lives and dies by performance – As a Cloud vendor, all that matters is giving customers the service they expect and treating their data with unbelievable respect.

Any vendor that breaches trust, loses data or allows something untoward to occur will soon go out of business. I’ve yet to see proof of a real event for a paid cloud product where data escaped to competitors or the outside world

It sure beats a USB key left on the train – Face it, businesses, and especially those on the small end of the scale, have absolutely hopeless data security procedures. I’ve seen full unencrypted spreadsheets of the most incredibly sensitive nature stored on USB keys and inadvertently left places or downloaded to foreign laptops.

Put it this way – faced with a choice between my data being burned to CD and passed around amongst high society on the London underground, or the potential that a handful of highly professional technicians within a vendor have access to my data, I sure know which choice I’d make.

Last word has to go to someone involved in the data integration industry – an industry where having access to raw data is table stakes. The reality for integrators is that they’re paid precisely TO look at customers data – so that they can ensure a speedy and effective integration. As this person commented;

Even at the bank some rogue employee can check your bank statement but we still keep our money in there. Even at the hospital some random nurse could access your file and see details you consider very private. I don’t think it’s possible or commercially viable in our world to write a product to the point where you can guarantee that *nobody* can read the data (devs, sysops, customer support, db admins) and I don’t think you can prove/convince the customers about that either.

Yes, trust is important and yes, customers should ensure the professionalism of those with whom they place their trust. But knee jerk reactions just because somebody working within a software vendors can see your data are misplaced and misguided.

Cross-posted from Diversity

Possibly Related Articles:
Service Provider
Cloud Security Insider Threats Storage Access Control Cloud Computing Managed Services Data Center Personally Identifiable Information USB vendors Data Protection Ben Kepes
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked