The recent, high profile compromise of several celebrities’ iCloud personal photo archives (see Jennifer Lawrence naked photos spark fear of mass celebrity hacking) reminds us of the inherent vulnerability of all cloud storage. Popular media now asks if Apple’s iCloud service is safe (see Is Apple's iCloud safe after leak of Jennifer Lawrence and other celebrities' nude photos), but the question should be even broader.
With massive consumer use of general file storage solutions like Dropbox, consumers should worry about compromise of these stores. The type of compromise that Jennifer Lawrence and other celebrities experienced could happen on any cloud storage provider — Dropbox, Box, Amazon Cloud Drive, Google Drive, Microsoft OneDrive, and, of course, iCloud.
As a first step, consumers must secure their access to cloud assets with strong, secure passwords which they change often. This minimizes the risk of an attacker directly accessing the consumer account using their legitimate credentials, and ensures that an attack which compromises one account can not spill over into other accounts.
However, mere password security is not enough as the celebrity iCloud compromise has shown. In this case, the compromise resulted from a flaw in Apple’s Find My iPhone feature, and did not require direct access to user credentials. In order to prevent this kind of compromise, consumers should use encryption to prevent access even when the attacker has possession of the data.
Cloud privacy protection tenants argue for both securing the access to the data (credentials) and the data itself (encryption). This allows users to store and share data in a world where they can’t trust anyone with safety, security, and without fear. Cloud data storage has revolutionized our ability to access data from anywhere, on any device, and it’s important to not let cyber criminals take that freedom from us.
Ohanae can help. Ohanae software, once installed on your mobile and computing devices, provides complete cloud privacy protection with three important features. First, passwords are managed allowing every site to have a unique, complex password, and facilitating password changing on a regular, short schedule. Second, data — both in transit to the cloud storage provider, and at rest in their data centers is encrypted. This encryption allows for access only by you on your registered devices! Finally, Ohanae provides secure filesharing. When you need to share data with others, all the protections of cloud privacy protection can move right along with the data. Ohanae does this all without storing any keys or passwords anywhere (locally or in the cloud) — ensuring that there is no single point of compromise which would reveal your data to prying eyes.
There’s nothing wrong with storing your sensitive data in the cloud — just make sure to use Cloud Privacy Protection to safeguard yourself!
No comments:
Post a Comment