What the Adobe security breach can teach you

  • 19-Nov-2013

I dread those emails that go along the lines of, “We've checked a list of millions of compromised accounts and cross referenced it with people who have an XYZ account. We noticed that the email that you used to register for an XYZ account was on that list of exposed accounts.”

The latest case of such unpleasant activity was due to a serious security breach when Adobe was recently hacked. Adobe, as you may remember, has been transitioning most of its products to the cloud: Creative Suite, for example, is now part of the Adobe Creative Cloud.

Adobe Experience Manager WCM and DAM (former CQ5 product line) are also cloud-enabled (through Adobe Marketing Cloud), even if few of their licensees use it that way, yet. The former Omniture analytics platform also uses an Adobe ID as its access mechanism. So the question here really is: Can you trust vendors to keep your information secure? Is the cloud secure? What if your professional IDs for enterprise scenarios get co-mingled with large volumes of vulnerable consumer IDs for more plebian services like Photoshop?  If a software giant like Adobe cannot get its act together, how can you trust a myriad of smaller cloud-based providers that litter the enterprise technology space?

What happened with Adobe is unfortunate, but not shocking. I've lost count of vendors who have gotten hacked in the recent history. Sadly, it’s become a norm of digital life. According to various sources, hackers obtained data for more than 150 million Adobe ID user accounts. Adobe admitted to only 38 million of those.

So, a few words of advice. When working in the cloud, you may need to enforce certain password practices that you apply for on-premise applications, even if your SaaS provider doesn't mandate strong passwords and regular password updates. You'll also want to work to minimize reuse of passwords across applications, and prevent people from using personal logins for professional accounts, and vice-versa. (Special shout-out to Google Apps users there...)

Of course, simply maintaining software on-premise does not guarantee any security panaceas.  In the end though, with cloud applications, your vendor still bears responsibility for adequate levels of security. (Adobe, allegedly, was not “salting” their passwords.) Maybe for hosted Photoshop the stakes are lower, but for DAM or WCM in the cloud, you'll want to perform very careful diligence.

Our customers say...

"The Web CMS Research was the roadmap for our entire CMS selection process. It truly provided a basis for understanding what we should look for and expect in a CMS. Above all, since we used the report as our guide, we are more than confident in our CMS selection. If we had to go through the process all over again, we'd still rely as heavily on this report as we did the first time."

Michele McDonald, IT Project Manager, University of Oklahoma

Other Web Content & Experience Management posts

TeamSite Marriage Counseling

  • August 12, 2019

Was reminded recently in a call with an RSG subscriber that some TeamSite implementations linger on, like a really bad relationship you can't seem to end. Maybe it's time for counseling?...

What Is a Real Quadrant?

  • July 16, 2019

Customers have a love-hate relationship with marketplace "quadrant" diagrams. You suspect there's something not right in the arbitrary positioning...and you're correct!...

MD