Audit Lessons Learned from the Target Data Breach

Author: Administrator
Category: SOC 2 and SOC 3 Audit

We all know the Cloud is convenient and efficient. It allows us to access important information anytime, anywhere, as long as we have an Internet connection. So what’s the catch to this wonder technology? The catch, or potential downside, of Cloud computing is that it opens the door to potential risks. As more cases of hackers stealing financial information pop up, Cloud-based service providers will face more pressure to prove that they’re taking the necessary steps to keep their stored data secure.

Back in January we discussed how businesses can determine their audit needs. If you recall, we pointed out that Cloud-based businesses require an SOC 2 audit to assess and address the risks associated with this up-and-coming technology service. But why? What does this mean for both Cloud-based service providers and the businesses that outsource Cloud services to store data?

The Responsibility of Cloud-Based Service Providers

The massive data breach that Target incurred this winter was a textbook example of why audits are so important, especially when it comes to financial data. While Target faces multiple lawsuits as a result of the breach, there are two banks suing both Target and Trustwave Holdings, a company Target used for credit card security services. Target and Trustwave are being sued for failing to properly secure customer data, which resulted in the theft of about 40 million payment card records, plus theft of other personal customer information.

In the case of the Target data breach, both Target and Trustwave are being accused of security failure. As the Cloud-based service provider, Trustwave had an obligation to take measures to keep Target’s financial data safe. Their failure to do so resulted in monumental financial losses, not to mention a ruined reputation and broken trust.

A third-party audit could have identified weaknesses in their security procedures and, theoretically, prevented the entire breach in the first place. An SOC audit could have provided Trustwave with a chance to differentiate themselves more easily in the market, instead of being blacklisted as a risky security company that can’t be trusted with financial data. Although it might seem like something you don’t want or need to bother with, an SOC audit allows you to provide the best security and service with minimal risk to your clients.

SOC Audits Provide Major Benefits to the Clients of Cloud-Based Service Providers

Although Target should have been able to trust Trustwave to handle their credit card security services, Target is not off the hook for the data breach. It was Target’s obligation, as the client of a Cloud-based service provider, to do their homework and determine whether or not Trustwave had proper security procedures in place. A third-party SOC audit would have saved Target from having to conduct their own audit, but one way or another, an audit should have been conducted.

The Cloud's Not Going Away Anytime Soon

Regardless of the potential risks involved in Cloud computing, everyone is using the Cloud. Even in the aftermath of the Target security breach, the Cloud has the potential to be a safer alternative to data stored on premises. So long as the proper audit procedures are followed, Cloud computing will continue to grow in popularity and use. It's better to embrace the technology and follow the necessary safety procedures than to try to hide from the potential risks you stand to face.

Assure Professional © . All Rights Reserved