It’s been another fun
day of “blame the cloud” around the media universe, and only very few of those
media groups are smart enough to understand what they’re actually looking
at. Word has spread that a hacker, or
group of hackers, was able to crack user accounts in Apple’s iCloud and gain
access to intimate photos of various celebrities.
The headline of the Washington Post indicates that this raises “more
questions around the security of the cloud”.
What the Washington Post doesn’t get is that it’s not the security OF
the cloud, it’s the security IN the cloud.
According to most reports, it seems that hackers were able to gather
email addresses and passwords, or use tricks to leverage the email addresses in
enabling the hacker to reset the passwords.
Another apparent way in was through hacking a service of Apple’s that
helped open up a door to the user data on iCloud.
Let’s be very clear
that none of these methods means that “the cloud” was compromised. Whether your data is in a cloud, on a server
under your desk, or in your corporate datacenter, if a malicious user gains
access to your user name and/or password, they’re going to be able to exploit
your account(s). If a user gains access
to a service such as “Find My iPhone” that has connectivity to your data, but
has a security flaw, they’ll be able to exploit that. Again, this has no bearing on where your data
rests, cloud or otherwise. A key
sentence from this story by DataCenter Knowledge?: “Cloud … is only as safe as the services that
rest upon [it].”
Cloud infrastructure operates
mainly with a shared responsibility model.
This means that the cloud provider is generally responsible for the
security of its systems up to the servers on which your data resides. However,
beyond that, from the operating system on up, the user or company is responsible
for that security. As an example, an
infrastructure (cloud) provider such as Amazon Web Services will provide the
servers on which you can run your website or host your files. It, generally,
isn’t responsible for what you use that server for. If you don’t bother to (or
don’t know to) put in the necessary security firewalls on that server to limit
access, you’re running the risk of your data being available. If you don’t bother to (or don’t know to)
limit access to certain ports for traffic to your server, you’re opening major
holes for exploitation. That’s not a
fault of the cloud provider, that’s user error.
Cloud and application
providers have taken steps over the years to try and increase security not only
of their own infrastructure and data, but to help users protect
themselves. Some of these methods
include multi-factor authentication (MFA) and rotating passwords. It also includes some services in which you
have to rotate passwords on a regular basis, without using previous ones
again. While seemingly inconvenient to
the end user, it provides an important step in trying to stay ahead of the
game. Users should take advantage of
these components.
I suggest, and adhere
to when offered to me, utilizing MFA for all accounts. For those unfamiliar with MFA, examples
include setting your email provider or Twitter accounts to text you a code that
you enter before you can log into an account.
Despite the overly ominous headline, this
article from Entrepreneur
offers the same advice: take advantage
of MFA.
The breach of iCloud
is not a testament to cloud security. It
is more a testament to vulnerabilities of the applications or end user that has
access to data stored on the cloud. It
is incumbent on us to take advantage of the security measures offered so we can
all do our part.
Matt Jordan is the Cloud Services Manager for JHC Technology.
He can be reached at mjordan(at)jhctechology.com,
@matt_jhc,
or connect with him on LinkedIn.
I think it seems to be an older posts. Okay i enjoyed here by reading with hiring the best and qualified employee. And i am expecting much more post from you.
ReplyDeleteHr Consultancy in Bangalore
Hr Franchise in Bangalore
Interesting blog about security in cloud which attracted me more.Spend a worthful time.keep updating more.
ReplyDeleteDigital marketing company in Chennai
usefull and awesome article.
ReplyDeleteReally helpful post.
ReplyDeleteVerynice aricle.
ReplyDeleteThank you for sharing.
ReplyDeletevery nice blog thanks sharing.
ReplyDeleteblog It was really useful
ReplyDeleteThis information is impressive; I am inspired by your post writing style & how continuously you describe this topic. After reading your post, thanks for taking the time to discuss this, I feel happy about it and I love learning more about this topic.
ReplyDeleteopenstack training center in chennai | openstack certification training in chennai | redhat openstack training in chennai
ReplyDeleteVery useful and informative content has been shared out here, Thanks for sharing it.
Visit Learn Digital Academy for more information on Digital marketing course in Bangalore https://www.learndigital.co/.
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteSuperb blog...!!! Recently i saw your innovative blog and This is very impressed to me. In this content was a very interesting and very comprehensive explanation. Keep it up to the great work...
ReplyDeleteOracle Training in Chennai
best oracle training institute in chennai
Unix Training in Chennai
Job Openings in Chennai
Tableau Training in Chennai
Oracle DBA Training in Chennai
Excel Training in Chennai
Linux Training in Chennai
Oracle Training in OMr
Oracle Training in Adyar
Great post and informative blog.
ReplyDeleteAWS Training
AWS certification training
Thanks for this blog.This article gives lot of information.
ReplyDeleteGoogle Cloud Platform Training
GCP Online Training
Google Cloud Platform Training In Hyderabad
APTRON Gurgaon Provides quality AWS certification training courses including the most well known courses i.e. AWS Certified Solutions Architect - Associate, which equip members with the skill to make informed decisions about IT arrangements based on business requirements.
ReplyDeleteFor More Info: AWS Course in Gurgaon
Thanks for sharing. It is very helpful.
ReplyDeleteSEO Services in Mumbai
ReplyDeleteGreat post.Thanks for sharing such a worthy information...
SEO Training in Bangalore
SEO Course in Bangalore
SEO Training Institute in Bangalore
Best SEO Training Institute in Bangalore
SEO Training Bangalore
This post is so helpfull and attractive.keep updating with more information...
ReplyDeleteData Science Requirements
Career In Data Science
Nice Post. Very useful info specifically the last part . I care for such information . Thank you and good luck.
ReplyDeleteLiver Syrup
Nitzyme Syrup
Uterine Syrup
Blood Purifire syrup
Blood Purifier
Stone Syrup
Gas Syrup
Pain Syrup
Brain Tonic Syrup
Healthonit Syrup
MT Pro (Protein) powder
Start your Full Stack Course today with 360DigiTMG and be score a high-paying job soon.
ReplyDeletefull stack developer course