By Leo Notenboom
This is a short question that opens up a veritable Pandora’s box of issues and
considerations.
I believe that there’s a lot of misunderstanding about just what information
safety means and how secure your data is and is not when you use cloud-based
services.
Of course, there’s also a lot of misunderstanding about just what “cloud-based services” even means, so we’ll need to define that a little first.
The Cloud
I’ve talked about cloud computing before,
but as a reminder, my definition is really pretty simple:
The cloud is nothing more than the internet and cloud services are nothing
more than services that you can access over the internet.
Some examples:
are fundamentally trusting that they know what they’re doing.”
-
Hotmail, Gmail, Yahoo mail, and the like – If you’re using their web
interfaces, your email is in “the cloud” and has been for a very long time. -
Share your photos on Flickr, Picasa, Photobucket, or some other online photo
sharing service? You’ve been putting your photos in “the cloud”. -
Google Docs stores documents of various sorts for access and collaboration
in “the cloud”. -
Services like Roboform, Lastpass, DropBox, Evernote, and others back up
your data to their servers in “the cloud” and they often allow you access to your
data from just about anywhere that you can connect to the internet.
You get the idea … “the cloud” isn’t really anything all that new; in fact, you’ve probably been using it for some time already. As network speeds and
capabilities have expanded, so too has our use of helpful and powerful services
out on the internet.
Calling it “the cloud” just sounds a lot sexier.
Why cloud security matters
There are two basic types of information that you care about keeping safe
when you use online services:
-
Information about you, such as your email address, passwords, account
numbers, and the like. -
Information that you’re using the service to manage, such as your email,
address book, documents, photos, and more. While some of this might be public –
such as photos which you choose to share – much of it may be private information that
you wouldn’t want the world to see.
When using an internet-based service, you’re placing all of that information onto servers that by definition anyone on the internet can access. How
much of your information that they can access is a function of how secure the
service is and what privacy choices that you may have made within that service’s
offering.
And it’s also a function of their technology.
Threat #1: Account hacks
The most common threat that individuals face is simply the single account hack.
Your account is somehow compromised and someone other than you (someone who
shouldn’t) gains access to your information.
While the most common or obvious example currently is an email account being
hacked to send spam, your use of any online service is at risk if you
don’t take appropriate measures.
When you place information in a location like a server on the internet that
anyone could reach, it’s fairly clear that you need to protect the access to
it.
-
Pick a strong
password. -
Access your account only from computers that you know are secure.
-
Don’t share your login information with anyone.
-
Avoid scenarios where your login information might be captured, such as
unencrypted connections on free open-WiFi. -
Take the time to understand the service’s privacy policy and account
settings to ensure that you’re not publicly sharing something that you meant to keep
private.
Hopefully, that’s a boring list as these are all things that you should already
know by now.
But the fact remains that when individual account compromise typically
happens, it can usually be traced back to an oversight or issue somehow caused
by the account holder.
Protection from individual account compromise is in your control.
This post is excerpted with Leo’s permission from his blog.
FaceBook URL: Leo’s Facebook
Twitter URL: http://twitter.com/askleo