As hundreds of nude photos of celebrities flooded the Internet Labour Day weekend, speculation ramped up over possible vulnerabilities in Apple’s (Nasdaq:AAPL) iCloud system.
Following an internal investigation, Apple said the private pictures were stolen as a result of targeted attacks on celebrities’ phones – not because of a security breach within its cloud system.
But the case highlighted the fragility of computer security for both consumers and corporations as the use of cloud computing continues to expand.
The cloud is a term used to describe accessing traditional computer services through any device connected to the Internet. Instead of connecting to it from a desktop hard drive, data is stored in off-site servers that can be accessed online.
“Because [the cloud] is different, because it is new, people have a false sense of security to the old ways,” said Dave Weisbeck, chief strategy officer of Visier. “But they are not secure. There are fundamental flaws.”
His Vancouver-based startup provides organizations such as Yahoo Inc. (Nasdaq: YHOO) and the City of Edmonton with workforce analytics through the cloud.
Weisbeck said it’s far riskier to carry around a laptop with proprietary information than keeping it in a secure cloud system. He added that anyone unconvinced about the cloud’s security should remember it’s in the best interest of companies to ensure their clients’ data is protected.
For instance, a company will have established minimum security standards clients should be aware of. SOC 1 (service organizational control) – pronounced “sock one” – covers checks and balances to ensure no single employee’s negligence could result in a massive data breach; SOC 2 outlines the steps taken to ensure privacy and protection.
“You know when companies have those [standards], they’re doing the right things,” Weisbeck said. “It’s not proof there will never be an issue – they’re doing the right things to make certain that the odds of an issue are next to none.”
Mark Cunningham, president of Dun and Bradstreet’s (D&B) (NYSE: DNB) Cloud Innovation Center in Vancouver, said it’s also important for cloud vendors to use plain English when educating clients about how the system works and why it’s secure.
“We don’t wait for them to ask questions, we tell them up front. We go, ‘Here is the way we architected our product.’ It becomes a selling point.”
D&B has the largest database containing business intelligence and information on corporations worldwide, which is why Cunningham said it’s so important to assure enterprise clients that their information is secure. But when it comes to the consumer end, he said completing five security procedures to access a person’s iCloud is overkill. “The consumer world is trying to figure out how do we create a secure environment but also make it as frictionless as possible and make the experience as simple as possible, otherwise we’ll drive consumers away,” Cunningham said.
The victims of the celebrity photo breach fell prey to what’s known as a “brute-force attack.” This occurs when hackers target usernames, passwords and security questions to break into someone’s account.
Weisbeck and Cunningham both said consumers must get in the rhythm of changing their usernames and passwords once a month to prevent a similar situation from happening.
Meanwhile, the nude photo data breach will also likely convince cloud providers to do more to assure corporate clients that their data is safe.
Said Cunningham: “You’re going to see a lot more vendors leading with [security measures] in the pitch rather than making it Slide 28 [in a PowerPoint presentation].”