In 2014, the cloud was hitting the headlines on almost a weekly basis. Online storage was being talked about for all the wrong reasons, such as ‘The Snappening’, where thousands of Snapchat images were leaked by hackers, and the iCloud breach that saw nude pictures of Jennifer Lawrence and other celebrities distributed online.
Questions and concerns have been raised about the security of ‘the cloud’ but is there any substance to these fears?
Risk and reward
Hackers clearly stand to reap great rewards by breaking into a cloud than attacking a single computer, especially since all sorts of businesses are now choosing to store customer data this way. Therefore, cloud providers have had to redouble their security efforts to deal with this risk.
However, the level of security required can vary depending on what’s being protected. Government documents, for example, are going to be safeguarded using additional layers of security, whereas consumer documents and photos don’t need as much protection. Indeed, there is more than one type of cloud –for example, public, private or hybrid to name but a few. One size does not fit all and cloud-enabled resources needed to be considered carefully on a case by case basis.
In a bid to increase customer confidence, some cloud providers are now opting to demonstrate their security credentials by proving they conform to certain standards. Microsoft recently became the first major cloud provider to adopt ISO 27018 – the world’s first international standard for cloud privacy.
It is argued by some that, because of this increased security, the cloud is much better equipped to protect people’s data than any individual. After all, physical data centres are constantly monitored, as is the cloud itself. By comparison – as Jason Zander (corporate vice president of Microsoft Azure) told telegraph.co.uk – people do not keep their smartphone under armed guard, nor do dedicated security teams ensure it is always locked down.
Data breaches aren’t always the fault of the cloud
In the case of the iCloud ‘hack’, the cloud wasn’t at fault. The devices were hacked, not the cloud itself, which is why the attackers were able to gain access to private photos. Moreover, vulnerabilities can be introduced to the cloud if a user installs an application containing a virus or malicious software onto their device. Making the cloud secure is not just the job of the provider; software writers and the devices’ manufacturers are equally responsible, according to Mr Zander.
Since almost every web-based service uses the cloud in some way, it’s nigh-on impossible to avoid using the cloud. Ultimately, it falls to the user to decide how much data they want to share, and with whom.
If you have questions regarding cloud security or wish to discuss your own online storage strategy, call our team on 08442 471 144.