Sarah Williams wrote a great article on my buddies blog about a recent breach in cloud security storage that exposed naked photographs of famous actors. The original post can be found at drchaos’s website HERE.
The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT.
But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security, many IT experts say the cloud system is not entirely safe.
One should realise that no system is perfect, and that vulnerabilities and bugs are very common across all systems and platforms. It’s a never ending race between those that seek to find and exploit the vulnerabilities in a system (the hackers), and the software vendors (the developers) whose job it is to fix them and prevent the hackers causing damage.
Have you ever wondered why your computer or smart phone wants to install updates on almost a daily basis? This is because every update usually contains multiple fixes and patches to address a bug or security vulnerability that has been found.
So if 1,000 companies had their data on their own servers, for a hacker to gain access to all of them, they would need to target all 1,000 companies. If however all the data was hosted with a single cloud provider, a hacker would just need to target a single company, the cloud provider. If you were a hacker, would you rather target 1,000 companies, or just 1?
Thus essentially you’re handing over the responsibility of keeping your data safe to someone else, hoping that they can do a better job at it then you can.
This exposes a fundamental flaw with the cloud methodology, as they are also prone to some of same vulnerabilities and bugs that effect the rest of us, the difference being, if a single company is compromised, only their data is affected. However if a cloud provider is compromised, all their client data can be affected.
In short, your putting all your eggs, in some else’s basket. Whilst this might be fine for some eggs, it might not be the best idea for others.
With this, here are some things you should be aware of when it comes to cloud storage services.
- Keep in mind that not all cloud service providers are the same. One provider’s explanation of “safe” may not be the same as the others.
- A security flaw or vulnerability could let an attacker invade not just a single client’s data but every other client’s information as well. This happens when a multitenant cloud service isn’t setup or maintained properly.
- Since you are already giving your data to someone else to keep safe and you no longer have the control over who has access to it, culprits could be anyone. They may be co-workers, contractors or business partners who have access to a network system or information for illegal purposes. They can wreak greater havoc especially when the cloud service is inappropriately designed as some providers might not be as strict or as good at keeping your data safe
The Advent of ”Fappening”
Over Labour Day weekend, 100+ photos of naked female Hollywood celebrities were leaked online. The event was termed as “the fappening.” The said photos belonged to famous actresses like Jennifer Lawrence, Elizabeth Winstead, Ariana Grande and Selena Gomez.
An anonymous hacker allegedly gained access to private photos of these famous female celebrities, has used an unauthorized iCloud account to steal photos and videos and uploaded them to photo repository sites including 4Chan’s anonymous image service, Imgur and Reddit.
The event caused a media firestorm and has made everyone question the reputation of the cloud computing industry.
As such, users should think twice before handing over sensitive data to someone else for safekeeping, which is essentially what cloud storage is.
How to Have a Safe Data Backup
The fappening should serve as a wake-up call for the general public and for different organisations to be more wary with the data they store in the cloud.
One should know that cloud services can be faulty by nature and that data stored in them could be accessed by people you might not fully trust, accidentally or deliberately. Some information that is supposed to be private gets stored along with data that is shared. Certain incidents may happen like a software bug or an unnoticed vulnerability that can make even the strongest passwords pointless while exposing all of that valuable data to the entire world.
So, arm yourselves with the knowledge that the cloud is only secure as you make it. You are free to upload your files but keep in mind if storing sensitive information, ensure its encrypted prior to uploading it to the cloud. If your phone or computer has a tendency (or default setting) to automatically back everything up to the cloud, ensure you’re comfortable with the risk that this data could one day be compromised and either change the setting, encrypt the data prior to backup, or simply don’t store anything sensitive that automatically gets replicated to cloud storage.
The migration of the data itself is time consuming and expensive. Whether you’re a celebrity or not, you shouldn’t compromise data security. Create strong passwords and encrypt your data if you want them to remain private. Whenever you come across security questions, the answer should be unique so it would be difficult for hackers to guess.
Sarah Williams is a market researcher who loves to write about IT Support, Solutions and Managed Services.