The attacks we've recently seen on iCloud users are not particularly sophisticated, but are very hard to protect against. Apple runs a very successful public cloud infrastructure and has to balance security with availability and usability. This is a well-known problem in security circles, but has now come to the forefront of many more users' minds.
It's not always feasible to run security protocols over all public cloud infrastructures. Using the public cloud is like going to the gym and leaving your clothes and bag in the changing room. There are implied items warning that you shouldn't leave your belongings in that public place if you are worried about them. It's obviously not as secure as a private facility.
Even common security precautions, such as password lockouts, can actually work against users. We recently saw attacks where the goal was to lock out a whole user community. The users actually had strong lockout systems in place, but the perpetrators used nefarious tools to keep their clients at bay and cause disruption to the business.
So even with security protection in place there can be unintentional consequences. There is a balance that must be struck, and this means that we just have to live with the idea that the public cloud is what it is. It doesn't have strong security credentials but does allow for more usability, more access and more availability. As my colleague Carl Herberger says, "It's not somewhere you should consider leaving your crown jewels."
The private cloud without doubt also has issues. Coming back to the public gym metaphor above, the idea of a private cloud is that you have a vault that you need to walk through before you get to the changing room. You need more, and you will have more protection in place with a private cloud. However, if you have very strong security requirements, maybe the cloud isn't right for you in the first place.
This is where we have a stratification of needs. What often happens is that people are misinformed or are unaware as to what the cloud provides, as opposed to something more tangible in your own environment that other users can't access.
What the recent iCloud attacks have done, more than anything, is to bring attention to different levels of security. Many more people now realise that public, and in some cases even private clouds don't afford all the sort of security measures that you may think would be applied automatically.
Your chances of rebuffing a brute force attack increase dramatically by having strong, healthy usernames and passwords. Many user IDs are very predictable, and this means they are easily guessable with minimal knowledge. Online security should be seen in the same light as a healthy living programme. You have to work at it continuously and adapt, because right now the situation is very risky.
Adrian Crawley is the UK regional director at Radware