Busting the myth that bad cloud security was to blame for Apple’s recent celebrity data disaster
Overview: We discuss the ‘celebrity hacking’ iCloud saga and debate whether or not the breach was likely down to Cloud encryption issues or inadequate internet security measures.
Apple’s recent ‘celebrity hacking’ iCloud saga has stirred up several concerns about the safety of data in the Cloud. What if my confidential data was to be leaked in the same way, I hear you ask? And if society’s VIPs are helpless to it, what chance do I have of keeping my information safe? Well, cloud users shouldn’t be overly concerned. The scandal, as with many leaks, was actually more to do with each affected individual’s internet security (or lack thereof). Here’s why this recent drama shouldn’t break our trust with the Cloud.
Just because you’re uploading data on your computer to the Cloud, doesn’t mean you don’t still need to make sure your own computer is safe. Hackers can still target your personal or business computers. If, for example, you’ve subsequently uploaded this data to the Cloud, it certainly doesn’t follow that any obtained data was definitively taken there. Virtually all ‘clouds’ are down-to-earth facilities called Data Centres that store and distribute data, the good news is that they are military-grade strength in terms of access and security.
Most of the problems come from device based computer hacks and there are of course products available to protect you from potential invasions when you’re connected to the internet. Safeguarding your system will keep your data better protected. Once you’ve implemented strong security software, all you need to do is follow the same security advice that’s been dished out to users since the dawn of the web: make sure your passwords are extra-long and impossible to guess. In the light of the hacking scandal, Apple also suggested customers sign up for ‘two-step verification’ to add an extra layer of protection to their accounts.
Another theory regarding the leaks is that information may have been disclosed in response to phishing emails. Here, managers or even the celebrities themselves may have accidentally shared their passwords in a socially-engineered attack. If you should notice anything suspicious whatsoever about an email asking you to verify your information, ignore and delete it.
The Cloud, and cloudware services in general such as software-as-a-service, cloud-based communication applications like Skype and security packages are normally protected by very sophisticated security measures. Given that a growing number of people are signing up for cloud-based services, you should not be concerned that the cloud providers themselves are going to break the confidentiality agreements they have with their customers.
Of course, there is always the very small chance of a breach in security, whatever system you’re using whether it is in the cloud or not. But when a cloud vendor has previously been accused of being at fault in the event of a data hack, it’s often turned out not to be their fault at all.
This is what Apple suggested in their statement following the hacking scandal. The leak was blamed on a ‘very targeted attack on user names, passwords and security questions’. As opposed to it being a fault with cloud security, it was suggested it was perhaps more to do with individual user details and passwords not being sturdy enough.
Of course, it is unlikely your business would ever be targeted in the same way that mega-famous celebrities are. The iCloud hacking scandal just reinforces the need for all accounts to be sufficiently protected wherever possible to avoid any ‘brute-force’ hacking tactics.
Many, many cloud providers have not yet had to worry about hacks, but high-profile cases like Apple’s immediately cause the public to panic. Apple are certainly not exempt of any blame – as the Wall Street Journal suggests, the scandal was much like a ‘door not having a doorman’ – but in general, iCloud-gate shouldn’t fuel too much worry amongst the public about cloud security. Users just need to remember to investigate their providers’ promises in full, and make sure that the internet security that they can control is absolutely watertight.
By Gary Gould
