Re: Agree with the sentiments of the cloud and critical data
Possible yes, but far less likely if good security design, strong authentication and centralised logging was performed.
Should support staff have access to the underlying customer data / be able to say report on / extract that data ? (select * from customers into outfile get-rich.txt;)
I expect that the average support person only interacts with say 10 customers a day, so if they are accessing more than that or via unexpected routes, then the warning lights should start to flash in the sage security office.
Even an insider should have appropriate access for their role, that is after all why there are security mechanisms built into all the core technologies..