Cloud Vulnerability Hits Mainstream Press
March 20, 2017 - posted by Nexo
A few days ago, Geoffrey Fowler wrote an article for the Wall Street Journal called, “Is Your Stuff Safe in the Cloud?” If you’ve been following our blog, you know how we’d answer that question… Mr. Fowler cites two major breaches in his article:
“In August, Dropbox reset the passwords for 68 million accounts in response to a 2012 breach. Anyone with an email address is at perpetual war with phishers, who were behind a big celebrity photo iCloud leak in 2014. Is anything safe from hackers?”
Actually, the Dropbox breach occurred in 2014, roughly the time of the iCloud leak. Old news, you say? Not really. Even though the Dropbox breach took place more than two years ago, they didn’t realize it had even happened until last year. It’s quite possible that some number of large cloud-based providers have been hacked are is spilling their users’ information as you read this. Modern malware is so elusive and clever that it’s often hard to distinguish its actions from normal business operations – so you won’t know what’s happening until the damage is done.
We were also happy to see Mr. Fowler touch on the other side of the security coin: Privacy.
“The public cloud is scariest for people concerned about privacy and the threat of government [and Cloud provider] surveillance. Your personal data is out of your own control.” Very few of us are diligent or paranoid enough to constantly monitor which information goes to the Cloud, and which stays on Terra Firma.
The problem is that these services are so seamless that you can gradually lose track. For example, you might store all your tax information on your computer, but don’t register that the folder you used is synchronized with the Dropbox cloud. And even if you catch the error later, your information is now subject to Dropbox’s data retention policies and may be sitting in their backup system for years to come.
We also continue to use email – by far the least secure system of all – for nearly every exchange of digital information. You’d think that with all the data breaches and exploits flying around, our government would be admonishing us to seek more protected alternatives. Imagine you had someone compile all the email and attachments you exchanged in the past year. We’re betting that you’d be horrified both by the content and the number of times you may have violated your own protective policies. (You might think the same of your file sharing habits, btw.)
Next, imagine three-ring binders of your email tome on display at the local grocery store, high school, library and DMV. Now, consider this: by using email, you are virtually creating that very scenario. And why isn’t Congress all over this problem? Because email is such a rich history of your thoughts and deeds, they want to get their hands on it just as much as the bad guys do.
A glimpse inside one of Google's data centers. The Cloud is made of hundreds of facilities like this.
For a limited time, to view
the full text of this article,