how safe is the cloud

Cloud Risks: Just How Safe is the Cloud?

Cloud computing provides instant access to data through an internet connection. Whether on a desktop, a tablet, or even a phone, data is available anytime, anywhere. For businesses, cloud computing reaps benefits such as scalable storage for databases, applications, and files while eliminating the need for a data center or IT support team.

Risks When Migrating to the Cloud

Even technology experts reveal that there is no such thing as a completely safe cloud system. From security flaws to support issues, there are significant risks users take when migrating to the cloud.

Loss of Control

Someone else is looking after data that is transmitted, processed, and stored in the cloud. Data is stored off premises and all maintenance and monitoring is done by a third party provider.

Lack of Support

Many cloud-based services have inadequate customer service in ratio to customers. Imagine being unable to access your information, but being unable to get help right away. Waiting up to 48 hours for a response could ruin a business in a crisis situation.

Privacy and Confidentiality

Privacy violations happen frequently enough in the cloud to cause concern among potential and current users. This is unacceptable when transmitting and storing sensitive information, specifically financial and health-related data.

Insider Breaches

A contractor for Vodaphone stole personal information from two million German customers. Victims were warned about possible email phishing attempts, as the thief had enough significant data on users to make these seem legitimate. With a cloud, this could be worse as administrative access enables an attacker to steal, and even destroy the cloud, in a matter of minutes.

Cyber Attacks

With recent cyber attacks, such as the hacking of Apple’s iCloud, businesses are right to be concerned. Any time people data is stored on the internet, there is a risk for a cyber attack. This is especially problematic with cloud computing, where all types of users on the same cloud system store extensive amounts of data. The fear of cloud computing is that data is always at risk. Hackers are advancing as fast as the technology.

MyWorkDrive as a Solution

If the above concerns make cloud computing an unacceptable risk, consider a different approach. Businesses can get all of the benefits of saving to the cloud but in a more secure and private solution with MyWorkDrive.com.

apple icloud hack

Apple iCloud Hack

The U.S. Federal Bureau of Investigation warned U.S. Businesses in early October that hackers it believes to be backed by the Chinese government have recently launched attacks on U.S. Companies.

Days later, Apple’s iCloud storage service China was attacked by hackers trying to steal user credentials. Greatfire.org, a Chinese web monitoring group, broke the news online and adds that it believes that Beijing’s Cyberspace Administration of China is behind the campaign.

Using what is known as a man in the middle attack to intercept user data. This is when the attacker intercepts messages and then retransmits them, substituting his own key for the requested one, so that the two original parties still appear to be communicating with each other. Earlier in the day, Google and Yahoo faced similar attacks.

The attack coincided with the release of the new iPhone 6 and iPhone 6 Plus in China. Apple added new security measures to its latest phones, designed to limit government and law enforcement surveillance of users.

Ironically, China’s Ministry of Industry and Information Technology accused Apple’s iPhone of posing a threat to China’s national security and delayed the release. Bowing to government pressure, Apple’s iCloud data storage was shifted to China Telecom, which was the target of the attack.

Greatfire.org explains that since the attacks appear to originate from “deep within the Chinese domestic Internet backbone” data interception would not have gone unnoticed by Chinese Internet providers.

The timing of the hack could be related to tens of thousands of Hong Kong citizens taking to the streets seeking freedom from the mainland Chinese government. Chinese authorities could gain access to photos and data stored on iCloud related to the Hong Kong protests.

This operation does not just affect China, but for Internet users everywhere in the world. In December, news emerged that the Cyberspace Administration of China was now in charge of China Internet Network Information Centre; the authority that issues digital certificates to Web sites here. Web browsers all over the world are now trusting the Chinese government to tell it which sites are genuine.

Foreign companies are bending over backwards to comply in exchange for market access. These attacks are these companies paying the price for that privilege.

Policies mandate that vendors file sensitive IP, such as source code, with the Chinese government. While foreign entities are hesitant to adhere to these policies, the potential for impressive profits in China makes compliance tempting. And to the extent that they do comply, experts say, the companies’ hardware and software become vulnerable to Chinese hackers who could obtain those keys.

Incidentally, Apple posted the biggest quarterly profits in its history thanks partly to booming sales of the iPhone 6 in China, revealing that it sold more iPhones in China than in the US in the final quarter of 2014.

decentralizationof the internet

The Decentralization of the Internet

If you have heard of or are familiar with Bitcoin, you are witnessing that revolution of decentralizing the Internet. The Internet we know now is not the net we knew just 10 years ago, and it is not the same as the Internet we will see in the next decade. Think about the daily activities that occur on the Internet: file sharing, photo sharing, sending and receiving money, and collaborating or saving files to a cloud. This is the centralized Internet we know today, but there is a technology Super Storm brewing and it will completely transform the Internet platform. Decentralization of the Internet is inevitable, and it is simply a change of power: Internet control is taken away from the bureaucracy’s government agencies, and it is placed in the hands of its users.

 

Who is in charge of the centralized Internet? Not you. It is government agencies, banks, social networks, and bureaucratic mega groups. They are essentially the gatekeepers of the net. Everything shared, stored, downloaded, paid, and uploaded go through the Centralized Almighty. What does this mean for Internet users? Well, first, it means nothing is truly safe or owned. When Google goes down, worldwide Internet traffic tanks by nearly half. This system is weak and flawed, and inevitably susceptible to greed, security attacks, and exploitation. Honestly, when users click the ‘terms of use’ on a site, they do not know what it really entails. The on-demand access we crave opens us up to wire-tapping, intrusions and leaks.

 

The movement to grant users control of their own data is one that many programmers, law professors, and anyone else who values security and privacy, is to decentralize the Internet. The process of decentralizing the Internet makes users ‘self-hosts,’ out of the boardroom and government institutions and in to the hands of the users.

 

Many technologies will contribute to the transition to a decentralized internet: peer-to-peer social network models; open source software routers that enable communities to build their own mesh networks; mesh networking apps; small, wearable computer devices; Wireless Registry; Cryptocurrency; cryptography; peer-to-peer payments and lending sources; and online learning platforms. Ownership will be authenticated and correspondence will be achieved individually. Instead of large scale hack attacks, ‘.bit’ domains and the information on the sites cannot be taken over by government agencies or criminals; access is granted to or surrendered by the owner of the site.

 

It is expected by 2020 that more than 50 billion devices will access the Internet, which means data and privacy are the most susceptible victims of the centralized Internet. Decentralization will face tough legal, political, social and technological challenges. With anonymity and control being the focus of the movement, pushback will surmount. One of the most desirable functions of decentralization may also be its greatest hurdle. It is possible that liability and accountability will be compromised as well, as increased illegal activities. Nevertheless, privacy, ownership, data protection and innovation will keep the decentralized Internet a technology for the people.

dropbox hacked

Dropbox Hacked

Was Dropbox hacked? According to Dropbox, absolutely not. The Internet lit up with reports that the popular cloud service was hacked, which potentially exposed millions of its users, but Dropbox quickly reassured its users that reports were false. Dropbox quickly came to its own defense and strongly rejected the claims.

 

According to The Next Web, an international, Internet technology online news provider, the leak was noticed on a site named Pastebin. The hackers released a list of 400 accounts and threatened to release more if it did not receive its requested Bitcoin ransom.

 

According to the hackers, they had more than 6.9 million email addresses and passwords that belonged to Dropbox users. A Reddit thread appeared online when the story was first uncovered. According to The Next Web, Pastebin had four files that linked to documents containing Dropbox usernames and passwords. An anonymous user that sought out Bitcoin donations for more leaks teased the posts. The hacker teased that he/she had more information, and continued financial support would result in more leaks. A few Reddit users reported that the information really worked. However, a more thorough investigation was not conducted to verify the validity of the grand, and expensive, claim.

 

Immediately, Dropbox issued a response on its site, forcing The Next Web to print an update to its initial report. The Dropbox statement stated that the site was not hacked.

 

Dropbox Response:

 

Dropbox wasn’t hacked

Posted by Anton Mityagin on October 13, 2014

Recent news articles claiming that Dropbox was hacked aren’t true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens.

Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”

 

“Update: 10/14/2014 12:30am PT

A subsequent list of usernames and passwords has been posted online. We’ve checked and these are not associated with Dropbox accounts.”

 

There are a few concerns users can take away from the Dropbox story: reusing the same password on multiple sites and the threats of third-party sites. Many users are discouraged by trying to remember multiple passwords for multiple sites, but it is absolutely necessary to ensure your online privacy and to protect your data. Use passwords that are difficult to decipher, and consider using a password management system to assist you with remembering and frequently changing the information.

 

One of the most disturbing dimensions of the story is the risk of third-party sites. Too many services permit access to third parties. Third parties are often blamed for the security breaches, but the fact is, many services are not doing enough to vet the application and sites that are permitted to access their platforms.

Enjoy the benefits of the cloud without giving up your data to a third party service like Dropbox with My Work Drive.