How the Equifax breach could hurt Google, Amazon ... and my small firm
My firm provides information technology services to more than 600 small and medium-sized businesses. Most of the work we do is implementing cloud based customer relationship management, sales and marketing systems. We are a Microsoft partner. We also partner with many other great information technology firms that help our clients host, back up and secure our systems using Microsoft's Azure, Amazon's Web Services and Google's cloud services, among others.
I once thought my client base would resist migrating their in-house systems to cloud based systems. But it's happening...in a big way. According to many research reports, including this one from technology firm IDC in 2016, SMBs have been adopting the cloud at a record clip, with almost two-thirds using cloud based applications for sales growth and productivity and 78 percent planning to use software-as-a-service applications within the next three years. It makes sense. A company using cloud based applications and services can be more productive, flexible, data-driven, mobile and secure than the old way of managing our internal networks. Or so I have been preaching.
Of course, security has always been the biggest concern among my clients. We've all seen the headlines on the data breaches over the years. Many cloud based giants - from Yahoo to LinkedIn to Dropbox - have had customer data stolen. Credit card information has been taken from large companies like Target, Verizon and Wendy’s. Personal emails, movies and TV shows were fraudulently downloaded from Sony and HBO. Our own government has been hacked.
It's all very disconcerting to my clients. But Equifax? This one takes the cake. It's not only been a breach of data affecting 143 million users, but it's a breach that has cut to the core of the cloud's credibility. This is not Game of Thrones or an old credit card number. This is a company that stores our most private and confidential information used in financial and background checks, including Social Security numbers, drivers’ licenses and birth dates. It's not the biggest hack in history, but it's certainly one of the most damaging. And unsettling.
One of the things that makes this so unsettling is the company's lukewarm response. The last thing my clients (who are already nervous about protecting their companies’ customer data in the cloud) want to see is a large company entrusted with so much vital data respond the way Equifax has. It’s hard to believe that it took Equifax five weeks to disclose the breach. It’s even harder to comprehend the company's lukewarm actions. Just check a website to see if you’re affected (I am, by the way.) That’s it? Equifax CEO Rich Smith promised that the company “will make changes” in a USAToday op ed, but no real plan has been offered. I guess we just sit and wait for our bank accounts to be drained and then spend weeks of our time arguing with customer reps and bank officials to get things sorted out.
This is exactly what my clients are afraid of with any cloud based company: indifference. Class action lawsuits won't really resolve anything, although I personally hope the company gets sued out of existence.
All of this has, indirectly, affected my company's credibility. And in my opinion, Equifax’s indifference and incompetence has also indirectly affected the credibility of Microsoft, Amazon, Google and dozens of other cloud based providers.
For the past few years I've argued that although security in the cloud isn't perfect, it's certainly better than what the typical SMB can provide. Companies in this space – like Microsoft, Amazon, Google and of course Equifax - can surely afford to hire the brightest people and give them the best tools to ensure that our data is protected, right? It's their business model and it relies entirely on their customers' confidence, right? Of course they care. Right? Hmmmmm.
Just this week I've spoken to more than a dozen clients who expressed genuine doubts about their decision to move their applications to the cloud. They are less convinced than ever that their data is truly secure. Unfortunately, it’s me - the guy who pushed them there – who has no responses other than the "it's still safer" one.
Gene Marks is an author, columnist and President of The Marks Group, a ten-person technology consulting firm near Philadelphia. Gene is also a Certified Public Accountant and a small business expert.