I remember a conversation I had with my mother back around the turn of the century (and if you’re younger than 20, the ‘turn of the century’ is now turning from the 20th to the 21st century). My mom and dad had a computer in the spare room. She didn’t want to apply for online banking because she was afraid their accounts could be hacked. I had to inform her that, because her information was available online, the bad guys already could get to it, if they wanted. At the time, she couldn’t. It was eye-opening and alarming news for her.
Fast-forward seventeen years. Dozens of Hollywood’s prettiest had their iCloud accounts hacked and various, compromising pictures distributed through the internet. Hillary Clinton and John Podesta had their supposedly ‘protected’ email accounts hacked. Rumors of Israeli hackers getting into ‘secure’ Iranian reactor servers causing catastrophic failures during Iranian nuclear tests. Now, we are faced with rumors of Russian hackers getting into the US voting system and altering the election results. What about those high school reunion pictures you put on iCloud or your Google drive? Is there such a thing as a ‘secure cloud’?
Unfortunately, the short answer to, “Is there such a thing as a completely protected cloud?” is, “no.” A former co-worker of mine, Justin, is a Cisco Certified Network Engineer. He was in charge of protecting the networks of both Medicare and Medicaid utilization review servers. He informed me that network and cloud security is always a step behind the hackers, forever reacting to the bad guys’ latest, nefarious schemes. Therefore, the goal of cloud security is to be stalwart enough to keep the casual hackers out and multi-layered enough to give the administrators warning when a sophisticated attack is happening.
So… the news isn’t rosy. The information you have stored in the cloud is safe, but not 100% safe. There are definitely ways to protect yourself and make your person or business information better protected.
- Don’t assume smaller cloud providers are less likely to be attacked than the big boys like Amazon, Microsoft or RackSpace. Hackers are using software that’s looking for anything. The big boys can afford to spend more money on security.
- Whenever possible, get geo-redundant storage. That means more than one server in the world has your data. Should one site get attacked or even go down, your information is still available.
- Don’t be afraid to ask cloud providers what their disaster recovery plans are or how they monitor the information on their servers.
Still, that’s not a 100% guarantee of safety. Have contingency plans of your own. Don’t wait for the hack to hit before you try to figure out what to do.
- Determine worst-case scenarios should the cloud information get out. What COULD someone do with that information (emails, social security numbers, driver’s license numbers, etc.)?
- Set up a communication plan for your customers and/or employees in the event of a security breach.
- Keep local copies of the information to use to contact the Social Security office, TransUnion or Experian to be proactive.
In short, hope that a security breach never happens, but be ready in case it does.