The Panama Papers and the security benefits of the Cloud?
According to Grant Gross from IDG News Service what was leaked, now are known as the Panama Papers, included 11.5 million confidential documents dating from the 1970s through to late 2015 -- 4.8 million emails, 3 million database format files, 2.2. Million PDFs, 1.1 million images and 320,000 text documents. All of these documents were from Panama Law Firm Mossack Fonseca.
Allegedly these leaked documents reveal how dozens of high-profile professionals including public officials in countries including the U.K., France, and China have hidden their wealth abroad to avoid paying taxes.
The details about the Panama Papers that remain more elusive are how these papers came to be ‘leaked’. How was this data and these documents accessed? It appears there are a couple of different possible scenarios including the following:
- The hack stemmed from an email hack on unencrypted emails; or
- The breach was due to a broader hack of the organization’s on-site network server.
What is clear is that if indeed these files were hacked from emails or off the server of Mossack Fonseca, this firm was not using a Cloud platform with proper security and encryption to store their documents. It appears they were using an on-site server.
What’s more, it appears once the Panama Papers were hacked, the perpetrators uploaded them into the “Cloud” and gave direct access to the papers to selected journalists.* No further ‘hacks’ occurred of the data once placed and securitized on the Cloud platform.
To read a more detailed argument as to why the Cloud is secure and perhaps why the Panama Papers may not have been hacked had they been in the Cloud, you can read, “Security and Safety for Cloud Software: Is the Cloud Secure?” - http://ow.ly/10yd9k . This article makes the argument that:
“What it all really boils down to are economies of scale. Public cloud computing systems such as AWS or Google have the resources, the manpower, and the infrastructure to make hacking into them significantly more difficult than hacking into a hosted system. While nothing is 100% safe, by putting software or data on a public cloud such as AWS or Google, you’re also buying the entire security capability of both of these major companies to come along with your services.”
And to read about why email is not secure or practical you can read, “Why email is not secure or practical” - http://ow.ly/10ydeQ. This article considers the three main places where data contained in emails can be compromised - your devices and devices of recipients, networks and servers. It then considers measures you can put in place to improve the security of your email.
IBM’s and Ponemon Institute’s 2015 “Cost of Data Breach Study: Global Analysis” analysed the average cost of a data breach for a company. It reports that the average total cost for the 350 companies who participated in their survey was $3.79 million, while the average cost paid for each lost or stolen record containing sensitive and confidential information was $154. The companies that participated in this survey had all experienced data breaches in the past year and were from different parts of the world - United States, Germany, Canada, France, United Kingdom, Italy, Japan, Australia, Arabian Cluster, Brazil and India. This report can be downloaded here - http://ow.ly/4mHUbT .
While traditionally lawyers have been suspicious of using the Cloud for practice management and storage of legal documents and have preferred to maintain their documents on-site, the Panama Papers may lead the legal profession to re-think this view on cloud security.
What are your thoughts? Could the Panama Papers have been prevented from being leaked had they been stored in the Cloud?
ContractRoom (www.contractroom.com) is a cloud-based advanced negotiation and contracting software platform that can be of #PredictiveAgreement - to learn more about how you too can “negotiate less, agree more” schedule a live demo here:
*Please refer to Thomas Fox-Brewster’s article in Forbes - “Amazon’s Cloud - The Amazing Flight Of the Panama Papers” for further details of how the leak was executed through the Cloud.