Cloud security: Is there any such thing?

Like it or not, technology is becoming ever more reliant on the cloud, and that has both positive and negative ramifications. On the positive side, cloud computing has opened up a whole new world of productivity that didn’t fully exist before services like Google Docs and Office 365 came into view. On a more personal scale, the cloud flipped the entertainment industry on its head with online music lockers that make it possible to access playlists and rock out to your ZZ Top albums wherever there’s an internet connection. Whether for work or play, living in the cloud can be truly awesome, but what happens when the sky starts falling?

Unfortunately, playing in the cloud isn’t always sunshine and rainbows, a point recently underscored when Mat Honan over at Wired fell victim to a band of hackers who weaselled their way into his Apple iCloud account. Honan recounted in frightening and fascinating detail how the cyber scoundrels took advantage of iCloud’s lack of a two-factor authentication process to access his account and remotely delete the data on his MacBook, iPad, and iPhone. Childhood pictures of his daughter and everything else he had stored on his mobile devices were wiped clean.

If you’re wondering exactly how this was possible, Honan’s investigation, which involved chatting with one of the hackers involved, takes readers through a thrilling tale of how various online services – in this case, Amazon, Gmail, iCloud, and Twitter – reveal just enough personal information to pose a threat to one another if a hacker is truly determined. The devil isn’t in the details, however, it’s in our reliance on cloud computing, and sometimes there’s hell to pay.

What if I’m extra careful?

Millions of PlayStation Network (PSN) subscribers trusted Sony with their name, address, birthday, credit card details, and other personal information, only to have all that information fall into the hands of hackers following a massive data breach that knocked PSN out of commission for almost a month. It was a rude awakening for millions and a reminder to us all that the concept of the cloud is still very much in its infancy, and not without significant security risks.

Hacker attacks aren’t the only potential dark clouds. Computing in the cloud requires a level of trust for things that are ultimately out of your control, like data outages and redundancy. If a data centre goes up in flames, you have to trust that a team of engineers will be able to repair the damage quickly and efficiently, and that offsite backups exist so that your data can be restored. It happens more often than many people realise.

What can I do?

Parking your data on third-party services isn’t inherently bad, it’s just risky. You can mitigate that risk by practicing smart computing habits, which first and foremost involve maintaining multiple backups. How diligent you should be depends entirely on how much you value your data, and if you’re sitting on mines of mission critical code, at minimum you should be backing up your digital bits to an offsite location on a weekly basis.

Secondly, it all comes full circle to basic safe computing practices – from choosing properly secure passwords, through ensuring your OS is up to speed with security updates, to keeping an antivirus program running and up to date. Unless you’re willing to unplug from the internet entirely (yeah, right!), you’re going to introduce some level of cloud-based risk into your online life. Safe computing practices ensure you’re doing everything possible on your end to prevent disaster, eliminating half the risk in the process. The other half is up to the players on the other side of the equation, and unfortunately, the very nature of cloud computing leaves that part out of your control.