Zit Seng's Blog

A Singaporean's technology and lifestyle blog

Celebrity Hacks Underscore Cloud Risks

DSC01438A trending news topic right now is about the possible hack of celebrity iCloud accounts. This brings me to one of my pet topics. How much of the cloud should you (and me) trust? You see, there are many great benefits with using the cloud, and I do love it as well. But at the same time, I don’t quite trust the cloud.

My distrust with the cloud is not solely on the basis of security, but security and ownership are definitely some of the important aspects of it. The problem with cloud is that you are depending on another party, the cloud service provider, to tender the service to you, whatever that service is. You lose some control. You lose some ownership. What happens when something screws up?

The case in point here concerns the unauthorised publication of some, let’s just say, embarrassing content. Now, let’s be clear that there is, at this time, no confirmation that hacked iCloud accounts were indeed responsible for this leak. It’s merely a speculation, and investigations are on-going. But let’s just say, hypothetically, that it is indeed the case. You entrusted some secret content to a cloud service provider, and the cloud service provider failed you. They say oops. But you’re the one having to deal with the damage.

The risk with cloud is not just about security breaches, but also about availability and loss of service. What happens if all your data is in the cloud, and the cloud loses your data? It has happened. Even AWS has lost data. Another possibility is a cloud service provider who decides to end its service, although in this instance there is usually a planned termination and ample time for you to figure out what to do.

These concerns lead me to prefer private cloud, at least to some extent. For my cloud storage service, that means I’d prefer to own my disk, own my infrastructure, and basically own the entire service myself. If anything does go wrong, I’ve only got myself to blame. Do I use public cloud? Oh yes, unfortunately, I still do use public cloud storage services. They’re usually more convenient to use, have more features, etc.

The private cloud is also not exactly  the best solution anyway. First, most people don’t have the technical expertise, or the resources, to run their own private cloud. Private clouds do not preclude the likelihood of a security breach. In fact, it may be argued that private clouds may be less secure, and hence easier to breach. So if one were to be concerned about security breaches, an individual, at least in most cases, could be worse off trying to do this on his own.

So you have this situation with private versus public, which probably applies to most users:

  • Do it yourself. However, you probably can’t do it as good as the pros.
  • Let someone do it for you. However, you’ve got to depend on that someone to do their job properly.

Neither seems to be a particularly good answer for most people.

Data storage is relatively low-tech. For most people, the best solution is to adopt a mixed approach, or alternatively, treat public cloud as unsafe and adopt additional protection mechanisms when sensitive contents need to be stored in the cloud. Always, still, remember that the cloud can disappear any time, so make sure that data is backed up somewhere else. Preferably in storage you own and can hold in your hands.

What about other cloud services? Cloud is a buzzword that can refer to so many things. For many people, this will include email (e.g. Gmail), photos (e.g. Flickr), various documents (Google Drive or Office 365), etc. In some ways, social networks are cloud too.

Don’t forget many new things are getting onto the cloud too. Take for example, D-Link’s cloud connected wireless webcams. The mydlink.com cloud feature is very nice, allowing your video feed to be accessed from anywhere. But, do you realise that since the video passes through D-Link’s infrastructure, theoretically they could record your video? Even if they don’t do that, hackers could gain access to D-Link infrastructure and make that happen?

The cloud is nice, convenient, and very useful. But there are associated risks that you need to consider.

Leave a Reply

Your email address will not be published. Required fields are marked *

View Comment Policy