What the Adobe security breach can teach you

  • 19-Nov-2013

I dread those emails that go along the lines of, “We've checked a list of millions of compromised accounts and cross referenced it with people who have an XYZ account. We noticed that the email that you used to register for an XYZ account was on that list of exposed accounts.”

The latest such case followed a serious security breach at Adobe, which was recently hacked. Adobe, as you may remember, has been transitioning most of its products to the cloud: Creative Suite, for example, is now part of the Adobe Creative Cloud.

Adobe Experience Manager WCM and DAM (the former CQ5 product line) are also cloud-enabled (through Adobe Marketing Cloud), even if few of their licensees use them that way yet. The former Omniture analytics platform also uses an Adobe ID as its access mechanism. So the question here really is: Can you trust vendors to keep your information secure? Is the cloud secure? What if your professional IDs for enterprise scenarios get co-mingled with large volumes of vulnerable consumer IDs for more plebeian services like Photoshop? If a software giant like Adobe cannot get its act together, how can you trust the myriad of smaller cloud-based providers that litter the enterprise technology space?

What happened with Adobe is unfortunate, but not shocking. I've lost count of the vendors who have gotten hacked in recent history. Sadly, it’s become a norm of digital life. According to various sources, hackers obtained data for more than 150 million Adobe ID user accounts. Adobe admitted to only 38 million of those.

So, a few words of advice. When working in the cloud, you may need to enforce the same password practices that you apply to on-premise applications, even if your SaaS provider doesn't mandate strong passwords and regular password updates. You'll also want to work to minimize reuse of passwords across applications, and prevent people from using personal logins for professional accounts, and vice-versa. (Special shout-out to Google Apps users there...)

Of course, simply maintaining software on-premise is no security panacea. In the end, though, with cloud applications, your vendor still bears responsibility for adequate levels of security. (Adobe, allegedly, was not “salting” their passwords.) Maybe for hosted Photoshop the stakes are lower, but for DAM or WCM in the cloud, you'll want to perform very careful diligence.
