Cloud Security Headlines

by Dave Michels

This week there were two major security headlines that might cause you to think twice about doing business in the cloud.

The first was the celebrity photo leak. A very bad person broke into the iCloud accounts of some very pretty and famous ladies. Evidently, these celebrities had taken some private photos with their iPhone and now wish they had kept their Polaroid cameras.

A few important points:

  • The victims here, the celebrities who had their privacy violated, are consumers. They used a consumer device/service.
  • Details are still emerging, but Apple has indicated it was not a system-wide breach. That likely means the bad person got access into individual accounts through password cracking.
  • Passwords are very problematic. It’s not 20 years ago where there were just a few accounts that required them. Today, everything has a password and best practice is not to write them down and to keep each service unique and highly complex. Since this is so hard, we tend to use easier passwords instead.

The other major story was Home Depot was compromised in a bigger leak/hack of consumer information (including credit card details) than Target. This big hacks are becoming all too frequent – Target, UPS Store, PF Chang’s and now Home Depot (and there’s been plenty more) are just recent examples. What’s this have to do with the cloud? Nothing – the cloud is winning over brick and mortar with regards to commerce.

  • There hasn’t been a major hack/leak into an online retailer recently – that’s because these systems are more secure. The cloud utilizes both network encryption and server-based encryption for PCI compliance.
  • If you got a new credit card and wanted to protect it, you would be much safer shopping online than going to a local retailer and exposing your new card
  • Unlike the celebrity photos above, the cloud is winning because this cloud commerce is reasonably secure. There’s much less of a human element – that is the encryption keys don’t need to be memorized.

While the nude celebrity shots make more interesting news, the bigger story here is Home Depot. The celeb story is about 50 or so people who had their privacy violated. Something they did privately became public without their knowledge or consent. That’s bad. The Home Depot story is about 70 million people having their privacy, identity, and credit violated for doing something totally within socially acceptable boundaries – shopping at a hardware store. The Home Depot hack/leak is worse than Target’s which was big and caused serious damage to a strong brand measured in loss of revenue, goodwill, and in-store traffic. Target execs, including the CEO, lost their job and for good reason: because security isn’t something you can simply delegate to IT.

It seems that Apple realizes that it’s iCloud design has some weak spots and they are going to make some changes. There are some really smart folks out there that look for holes and often find them. iCloud wasn’t encrypted. The bad folks were able to get past the front gate and then access everything that was on a phone. Most cloud services do use encryption and most encryption is pretty solid. Most business oriented cloud services are more secure than consumer oriented services.

For me, the headlines this week make me want to do more business in the cloud, not avoid it. Some things are hard to do online – like a cup a joe. However, you can buy your Starbucks card online and use their store card (or iPhone app) at their stores.