IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Are Kiwi firms exposing sensitive data to help desks?
Wed, 2nd Oct 2013
FYI, this story is more than a year old

A New Zealand IT specialist is warning Kiwis phoning cloud software helpdesks that they may expose their data to unnecessary risk.

The CEO of Optimizer, Manas Kumar, says there has been a significant uptake in New Zealand’s use of cloud services in recent years with many seeing only the benefits of storing information in the cloud.

Kumar claims however, that New Zealanders still have a ‘desktop based mindset’ when it comes to data security and this poses a significant threat to their businesses.

In the past, helpdesk staff had no direct access to data stored on the desktop and could only assist clients with general product issues.

Kumar says with the new cloud technology, helpdesk and support staff are automatically able to view all customer, financial and other data in real time when they are contacted with a query.

“We may go to great lengths to password protect our cloud data from being hacked and yet there are situations when we expose too much of our sensitive information to people we have never met”, he says.

Kumar believes Kiwis are still relatively inexperienced in terms of recognising the potential downside of cloud software solutions.

While business owners may have complex legal constraints protecting sensitive data when working with an accountant or lawyer, it is unlikely that such protections are in place with cloud software as a service (SaaS) providers.

“Often the relationship with your advisers is built up over many years - you know them personally and their reputation as an individual is closely related to their practice," Kumar adds.

“The same cannot be said about the guy you call on the helpdesk who in many cases is not even based in New Zealand - and yet has access to exactly the same sensitive information about your business.”

In many cases, according to Kumar, the best solution for customers is to forego cloud services and stick with desktop based applications.

“There are some businesses where the potential for this damage is so acute the only option for them is to stay out of the cloud,” he says.

For other SME’s, Kumar advises them to firstly check with the SaaS provider as to their policy on customer data access at the helpdesk level.

Kumar believes that eventually regulations may be necessary to ensure that cloud services offer tiered levels of protection for customer data.

Are Kiwi firms exposing sensitive data to help desks?