Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Celebrity nude photos scandal a wake-up call for cloud users

Sharon Gaudin | Sept. 3, 2014
If photos were stolen during a cloud hack, enterprises may be more skittish over cloud use.

"There are security, password, and identity management issues with all types of IT systems that can and have been hacked," Krans said. "I think this type of personal backup service is more inherently unsecure due to the type of access allowed. It is not centrally managed by an organization, but by a number of individuals who require frequent and easy access, which creates more security gaps that can be exploited."

Users who apply the same password for various services and want quick and easy access to their cloud accounts don't set up the same security levels that enterprises require.

Kagan noted that this celebrity hack should serve as a wake-up call for users to be more careful and for cloud makers to build more secure cloud spaces.

"We don't know in this case whether the weak link was with the cloud itself, or with the user -- like with a weak password or no password," he added. "There are so many ways to break into the cloud and users simply are not aware there is a risk. "

Patrick Moorhead, an analyst with Moor Insights & Strategy, said the problem isn't necessarily with Apple's iCloud service.

"It's possible that a cloud service was hacked, but not probable," he said. "It's more than likely an intrusion came through compromising a PC, stolen phone or phone app passwords, or a rogue phone app."

If it turns out that the hack stemmed from a flaw in cloud security, individual users and enterprises may be pushed to boost their own cloud security.

"If a cloud service was hacked, enterprises will be more hesitant about using the cloud," said Moorhead. "But in many ways, the cloud is safer than on-premises IT as clouds can afford the latest and greatest in security techniques... Enterprises need to assure that a few things are in place. It's important that all data is encrypted everywhere in the workflow, including the client device, network and the server. It's also important to limit certain data from administrators, who may have access to account information or unencrypted data."

Other analysts said that enterprises need to conduct their own penetration testing and should not treat all workloads and data the same. Some data and applications will need tighter security than others and IT departments should make sure they get it.

Companies also should start a cloud deployment by using less sensitive data first, and then working up to more confidential data based based on what they learn.

Companies, and individuals, need to focus more on security when storing information in the cloud, Kagan said.

"We must focus more on security and protecting our private data," he said. "That just makes sense. Companies need to raise security to the top of the page... I would expect we will start to see some [cloud service] companies use security as a marketing tactic."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.