This month Graeme Wolfe, Information and IT Security Officer has his head in the clouds!
Many people and organisations talk about ‘cloud’ services for data storage and the hosting of services. It sounds impressive and is often hyped up in marketing campaigns. However, the reality is rather more mundane and amounts to merely putting your data or an organisations data or IT service on another organisation’s computer, usually using the internet as the transport method.
So, if you have pictures stored on Instagram or Photo bucket and keep emails, attachments or other files on Google, or Office 365, then you are already using cloud storage services – probably without even realising it!
Two of the great advantages of cloud storage are that you can access your data from anywhere that has an internet connection. Often there is no cost, at least when storing items on a small scale. Cloud storage services can also act as a ‘back up’ to your hard drive or local storage, so you have a copy of things in case your local storage fails.
Two of the problems with cloud storage are that if you don’t have an internet connection you are unable to access your data. Also anyone else who has an internet connection potentially has an opportunity to try and access your data too. Plus you lose physical control over your data and have to rely on someone else to protect it for you.
One question you should be asking yourself when using cloud services is “Do I trust the company who owns the ‘cloud’ to keep my data safe and secure?”
There was a lot of talk in the press last year about celebrity cloud storage accounts (iCloud) being hacked and data (mostly intimate pictures) being stolen. The resulting forensic reports on these attacks showed that many were due to the use of weak passwords, being guessed (or forced) by the attackers.
In my blog dated January 2016 I spoke about the creation and use of secure passwords, for access to any online services. Cloud storage and services are no exception to this, so make sure you have a strong and unique password if you use these services.
You should also be aware that many cloud storage companies will limit their liability for private users (in those terms and conditions we all tick to say we have read and agree to) often to a maximum of $5. Which you may be fine with, if you are storing and sharing some unimportant data. But if the data is worth more than $5 to you, then you should think twice about where you store it. Even if you enter into a commercial (paying a fee) agreement with them, they will limit their liability in the event of lost or corrupted data. But these services should not be used to store, sensitive commercial and personal information on, unless the data is encrypted and the host has no access to the decryption password.
Some modern personal devices will automatically upload data to the cloud for you, so if you don’t want to do this or you want to control what and when it does this, then check the security settings on your device.
Tip: Type “security issues for [your device]” into google and see what comes up. You may be surprised. Then type in “security settings for [your device]” to find out how to keep your data safe.
So in conclusion. Cloud storage can make your life quicker and easier, but take a moment or two to consider putting data security measures in place to make it less quick and easy for any potential attackers.
Graeme Wolfe, Information and IT Security Officer 12/04/2016