Over the Labor Day weekend the entertainment world was jolted by the hacking of hundreds of private photos of famous celebrities, opening the door to debates about how secure cloud environments are and how safe cloud users are.
The cloud platform in hot seat now is Apple’s iCloud. Various reports from media and security experts alike indicate that the iCloud photo storage might have served as the route through which the attacks have been against Hollywood personalities.
But Apple was quick to dismiss such claims and pointed to some incidents of man-made vulnerabilities such as weak password or poor security questions. In other words, it maintained that iCloud is secure and no Apple service has been compromised, though forensic analysis of the attack is still going on. Thankfully, Apple also moved to patch potential remaining vulnerabilities by updating its Find My iPhone service.
It is also possible of course that hackers have employed other ways to penetrate the accounts, for example, by using the personal data of account owners through a popular cyber hacking method known as social engineering. The attack was only somehow mitigated thanks to the existing deployments of two factor authentication. You’re lucky when have turned it on beforehand because it blocks attackers from possibly breaking into your online account.
There are other effective ways to protect your credentials and photos online or in cloud platforms. One must remember, nonetheless, that there is no one-size-fits-all solution to securing the cloud. But a layer of security measures will help a lot. Aside from the two factor verification methods, other protocols like log monitoring, role based network access and continuous vulnerability scanning are effective tools to ward off threats.
As a cloud user, you should also be able to have knowledge about the physical location of your personal data and cloud service providers must inform its clients on the technical parameters that are in place to secure those pieces of data.
It would be better perhaps for business to more effectively secure their users by tapping into the cloud offering of third party providers who have dedicated data centers. This way, sensitive information can be more secure from attackers.
Besides cloud storage, you can also store your data in a local managed data center and only keep certain apps in the cloud, perhaps those that are not too sensitive. This way you can maintain oversight of your data and reduce costs by using cloud as a storage for those apps that have no significant impact on you personally or as an enterprise.