The cloud’s accessibility and omnipresence is convenient, but this convenience demands higher security measures. If your top-secret information is stored on the cloud, it can be accessed anywhere by anyone who has the right credentials.
“Somewhere in the race for connectivity and accessibility we forgot data privacy,” says Matthew Branton, founder of SenderDefender.com, an encrypted file transfer chrome plugin.
This recent heavily covered breaking news of hacked celebrity’s Apple Photo Stream is a reminder that there is a strong unmet need in cloud security: Widespread encryption.
Not all cloud companies offer encryption built into their system. It’s up to you, users, to read through the fine print and privacy policies before you upload your most sensitive documents. Dropbox and Box, for instance aren’t immune to security breaches.
“It would be neat if I could log on to the cloud storage and the app would send me my personal key for the files I upload. Should anyone hack into my cloud storage, they would never be able to view my files.”
Smart way to lock and secure your data.
“The reality is that we need pervasive encryption services that seamlessly cryptographically secure personal information,” Branton says. “This is rapidly becoming a requirement for personal data. The only way to prevent this type of abuse is by embracing technologies that support end-to-end user controlled cryptography.”
Here’s how they did it:
Have you ever forget your password and have to go reset it? You go to the website and it asks you to answer some questions, like Where were you born? What was your first car?So, all it really takes is someone with a lot of time on their hands. Strong passwords and two-step authentication is always a must when it comes to security. For strong passwords, services like LastPass offer a great, secure way to generate hard-to-crack passwords. Full disclosure: I use LastPass and I love it.If you answer the questions correctly, you get to reset your password. That’s how it was done. Someone got a list of emails of celebrities email addresses and simple went in to Apple’s iCloud website to “reset password”.
With the email addresses they had half of what they needed to access the account. The second part was to answer a few “personal questions”.
Two-step verification is essential to protecting your information.
In order to be fully protected and add a second layer of protection, you need to enable this setting for most all applications that offer it. So, even if someone guesses your password, they still need to confirm true identity by inputting a second piece of code sent to your phone.
All companies should lockout accounts after a number of bad attempts. “Many banks and credit card sites are already doing this, and it helps protect against password guessing,” Stumpf says. “So, if someone were to steal my phone, for instance, they would essentially lock themselves out of the Cloud app, and will not be able to decrypt my files.”
What do you think is the greatest unmet need in cloud security? Tweet us @CyberCoders or CyberCoders LinkedIn.
Thousands of full-time and remote jobs in every industry. Search jobs.
We'll find you the right candidate, fast. Get started.
Our recruiters connect people with great opportunities and help our clients build amazing teams. Learn more.
