Is it me, or does it seem that there’s been an overload of articles this week about security compromises in public cloud applications? No doubt security issues and concerns are continuing to make front page news after days and weeks of intrusions.
Gmail Hack Targeted White House
Could a cyber war turn into a real one for US?
Some prominent Gmail accounts hijacked
Sony Web Site Hack Compromises 1 Million Accounts
We’re all very eager to make use of online services, especially free ones. Some services, like the recently announced Google and Apple music streaming services, don’t contain critical information. In a general sense, you may feel that Facebook and Twitter do not either.
Study: Nearly everyone in U.S. under 50 on Facebook
Twitter used by 13 percent of online Americans
Yet the dark side (Star Wars reference implied) to all this is that the information contained in these clouds IS valuable. Since the press is filled with articles about high profile accounts, such as the Whitehouse, getting hacked, you may think that since you aren’t a target, it is very unlikely that anything will happen. Granted, you can take more precautions with your username and password. Take for example, Google’s 2 factor authentication that was recently introduced for Gmail (see article above on ‘Some Prominent Gmail Accounts Hijacked).
However, that doesn’t always mean that you’re going to be safe. Hackers can get INSIDE clouds too. Thousands of Sony Playstations became well aware of this when hackers broke into Sony’s cloud, stealing sensitive accounting and personal data for the entire network’s users.
YOUR data is valuable. In some cases individually, other times in bulk. But here are some sample black market prices for your data. Hackers, spammers, or other unscrupulous individuals will pay:
* $1-$6 for a U.S. credit card with verification value
* $14-$18 for an identify (including bank account, credit card, DOB, and government ID#)
* $300 for a online backing account with a $9900 or less balance
* $6-$20 for a compromised computer
* $3 for valid Hotmail, Gmail, or Yahoo cookies
With so many contexts and definitions around ‘cloud’, many wonder what is the difference between ‘private’, ‘public’, and ‘hybrid’ clouds. In general, it’s similar to the reasoning that many would falsely use when saying “A Mac doesn’t get viruses”. The reality is that Microsoft was a much bigger target because of a much larger user base. The same holds true for the cloud, the bigger the cloud, the bigger the target. All are vulnerable, but some are specific targets.
Keep in mind the following:
1. Choose strong passwords, and consider 2 factor authentication
2. Be careful about the type of data (sensitivity and criticality) you place into public clouds
3. Never have only one cloud provider holding your data (learn this from the Amazon ESB crash, which encountered complete data loss for some who had no ‘Plan B’)
4. If you are a business considering a complete migration to public clouds – think carefully. A hybrid or private cloud may better protect you and your organization, and in many cases, may be required for regulatory compliance for a specific industry.
For more information about our secureConnect Managed Security service, or our webConnect Hybrid On-Premise or Private Cloud solutions, please contact our team for more information.
President & CEO