What Businesses Can Learn From the iCloud Security Breach
If it isn't yet clear that sensitive information is being put on the cloud, take a gander at the various news stories this weekend about Jennifer Lawrence's nekkid bits finding their way onto the public Internet. Lawrence and other celebrities were victim to a hack of iCloud in which several nude selfies were stolen.
September 3, 2014
If it isn't yet clear that sensitive information is being put in the cloud, take a gander at the various news stories this past weekend about Jennifer Lawrence's nekkid bits finding their way onto the public Internet. Lawrence and other celebrities were victim to a hack of Apple iCloud in which several nude selfies were stolen.
Some are calling this a reason to distrust cloud, but for businesses, the real story is in how sensitive data is being secured and whose responsibility it is to protect it—the business's or the cloud service provider's? The brute force attack that enabled the theft of personal photos should not be considered a sign of security weaknesses of the cloud, but in security weaknesses of an individual cloud and its users.
Boris Gorin, head of security engineering at FireLayers, indicated in a blog that the breach has called into question who is responsible for the security of data stored in the cloud.
"Most users of cloud-based services wrongly assume that the service provider, in this case Apple, is responsible for managing the data, access and usage of their service. This just isn't the case," Gorin wrote.
The breach perhaps provides an ideal time for further education of end user customers. Gorin explained: "It is your obligation to manage their passwords, protect against identity fraud, prevent loss or theft of their devices, encrypt their sensitive data, access to their devices via secure networks and a host of other risk mitigation activities. Cloud service providers are charged with ensuring that their application and IT infrastructure is secure and in working order. The same division of responsibility exists between corporations and the cloud service providers of enterprise business applications like Salesforce, Google Apps, NetSuite, SugarCRM, WorkDay and others."
And as more sensitive data shifts into the cloud, whether potentially inappropriate selfies or something more business-like such as customer data, maintaining security becomes even more critical.
Let the iCloud breach be a good lesson as to what not to do—not the part about placing sensitive data in the cloud, but about ensuring appropriate security measures are being put in place.
About the Author
You May Also Like