If ever there were a loaded question, this is it.
The alleged iCloud breach that leaked personal celebrity photos, including nude shots, has created a larger debate about the security of the cloud altogether. Is anything in the cloud safe, from business data to personal pics? If hackers can outsmart the world’s most valuable company, who can’t they outsmart?
Long talked about as the next generation for everything from personal storage to business software, cloud technology and applications are widely in use for all sorts of consumer and business functions. For consumers, they offer a storage solution and a way to back up data and photos. For businesses, the benefits are far-reaching, including cost savings, flexibility and ease of use. New cloud tools continue to emerge and grow in popularity at a rapid pace.
Many businesses already had security fears about the cloud, and this latest hack only stands to intensify those fears. But in truth, this celebrity photo debacle doesn’t mean much – if anything – for your business. Here’s why.
Is cloud technology to blame for the celebrity photo leak?
It’s still not clear how hackers got their hands on private celebrity photos. Media outlets initially reported that the leaks could be the result of an iCloud storage service bug, but Apple is denying those reports. The company says its systems have not been breached, and that the accounts were hacked “by a very targeted attack on user names, passwords and security questions.”
If Apple is being truthful, that suggests the cloud in itself is not to blame. There could be several other factors at work. If hackers accessed the photos by repeatedly guessing passwords and/or security questions, Apple is to blame for not setting proper limits on the number of guesses. And the celebrities involved may have failed to put in place stronger security measures, such as strong passwords and two-step user authentication, which involves some second form of verification, such as a passcode sent via text. (Of course, celebrities are far from the only ones who fail to use these stronger security measures.)
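The "limits on the number of guesses" mentioned above, sketched as an added example (not code from Apple or from this article): one failure counter per account, shared by the password and security-question checks, with a lockout that doubles on each further failure. The class and function names, thresholds, and sample account are assumptions made for illustration.

```python
import hmac
import time

class GuessLimiter:
    """Per-account failure counter shared by all credential checks."""

    def __init__(self, free_attempts=5, base_lock=60, max_lock=3600,
                 clock=time.monotonic):
        self.free_attempts, self.base_lock, self.max_lock = free_attempts, base_lock, max_lock
        self.clock = clock
        self._state = {}  # account -> (consecutive failures, locked_until)

    def allowed(self, account):
        return self.clock() >= self._state.get(account, (0, 0.0))[1]

    def record(self, account, success):
        if success:
            self._state.pop(account, None)   # reset only on a real success
            return
        failures, locked_until = self._state.get(account, (0, 0.0))
        failures += 1
        over = failures - self.free_attempts
        if over >= 0:  # lock doubles with each further failure, up to max_lock
            locked_until = self.clock() + min(self.base_lock * 2 ** over, self.max_lock)
        self._state[account] = (failures, locked_until)

# Constructed sample data; a real service stores salted hashes, not plaintext.
SECRETS = {("alice@example.test", "password"): "correct horse battery staple",
           ("alice@example.test", "security_question"): "rex"}

def check(limiter, account, kind, supplied):
    """kind is 'password' or 'security_question'; both share one counter."""
    if not limiter.allowed(account):
        return "locked"                      # refuse before looking at the guess
    expected = SECRETS.get((account, kind), "")
    ok = bool(expected) and hmac.compare_digest(supplied.encode(), expected.encode())
    limiter.record(account, ok)
    return "ok" if ok else "denied"

def simulate():
    now = [0.0]                              # fake clock, in seconds
    lim = GuessLimiter(clock=lambda: now[0])
    acct = "alice@example.test"
    guesses = [("password", "1234"), ("security_question", "fido"),
               ("password", "alice"), ("security_question", "spot"),
               ("password", "letmein")]
    out = [check(lim, acct, k, g) for k, g in guesses]
    out.append(check(lim, acct, "security_question", "rex"))  # right answer, but locked
    now[0] += 61
    out.append(check(lim, acct, "password", "correct horse battery staple"))
    return out
```

Keying the counter on the account rather than on the endpoint or source address is what stops an attacker from alternating between the password form and the security-question form to get a fresh set of guesses.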
The mistake in blaming the cloud – at least at this point – is that the term “cloud security” is far too vague. There’s no universal level of security that applies to all cloud-based tools. Much of the responsibility for security lies with the measures put in place by the vendor – Apple, in this case – and the rest lies with the person who is using the cloud service. The cloud, in and of itself, is not the culprit, but it can be a vehicle when other security measures fail.
Is cloud-based business software safe?
If your company uses cloud-based business software, there’s no reason to panic. Reputable vendors have security measures that go far beyond what it took to access iCloud information, if Apple is correct. Otherwise, they couldn’t compete in this security-conscious market. Keep in mind, too, that internal servers can be hacked. Data was being stolen long before the cloud was prevalent.
However, this is a great time to make sure your security is as tight as it can be:
- If you haven’t already, talk to your cloud-based vendors about the security measures they have in place. Is data encrypted and/or fragmented when it is stored in the cloud? What kind of limits are there on who can access it, both externally and internally? Is any data shared with third parties?
- Find out if the vendor follows recognized security standards. Are they compliant with PCI guidelines? What about CSA STAR, an international cloud security certification program? ISO 27001?
- Take a look at your internal data security policies, and revise them. Breaches don’t always come from the outside, and they sometimes happen by accident when an employee inadvertently sends data to the wrong person. Who is allowed to access what, and when? Can employees access sensitive data from home or through mobile devices? Are your emails encrypted?
- Develop strong password protection. Does your system allow employees to use their first names or 1234 as a password? Start requiring stronger passwords. Consider moving from the outdated method of password-only authentication to two-step user authentication.
Kunnect sells 100% cloud-based call center software to businesses of all sizes and political campaigns. We adhere to PCI compliance guidelines and use cryptography that would cost billions of dollars over one year to crack one password.