Ouest-France, a French media outlet recently reported on a revealing case of data leak  management. The leak has impacted the local city council of Laval. It was due to a system misconfiguration. The case shares some similarities with recent headlines of AWS S3 Cloud storage security misconfiguration in Australia where confidential data from both private and public organisations have been directly exposed.

The case also relates to the challenges faced by many small and medium sized organisations in best managing the protection of their data, such as:

  1. Applying the necessary access control configurations. Where is the data located? How valuable is it? Who has access to it? How well is it protected and by whom?
  2. Detecting access control misconfigurations, data exposures and unauthorised data accesses. Data leaks are often detected and revealed by third-parties instead of the impacted organisations themselves. In the case of the French city council report, it was detected and reported by a curious citizen.
  3. Reporting data leaks efficiently. In the case of the French city council, the well-intended citizen reported the case to a journalist specialised in cyber security. It seems the citizen did not know where else to go. The journalist reportedly first raised the case with the council, but it was unacknowledged. 11 days later, the journalist then reported the case to a French authority (CNIL), which acknowledged the case and managed it with the council.
  4. Taking accountability for data protection. Ouest-France’s report suggests that data protection is at risk due to city councils IT budget constraints and their reliance on the security mindset of third-party IT service providers. To me, the case suggests a lack of accountability and governance for data protection, which is disappointing.
  5. Cyber security education is lacking, and it is the biggest opportunity for improvement. I agree with Eric Filiol.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s