The Dangers Of The Cloud
Storing all your data in the cloud isn't necessarily a good idea.
The latest and, if you believe the hype, greatest thing in computing is the “cloud,” the idea that we should all store our data remotely rather than on hard drives and other such devices. It’s taken hold among Apple users in the form of iCloud, and other cloud services offered by Google (Google Drive is their latest effort), Amazon, and other companies. In some sense it makes sense and it’s very convenient. Why store all my songs on a hard drive in my house when I can put them in the cloud and access them from my phone, tablet, or laptop? The same goes for e-books and such. The cloud, however, isn’t just about songs and e-books, there are serious people out there encouraging individuals and business people to put all their data in the cloud by stressing the alleged conveniences of being able to access it anytime anywhere in an easier manner than, say, logging in via a VPN. It’s an intriguing idea, especially in a world where we are all becoming increasingly mobile and less tied down to our desktops.
However, Apple co-founder Steve Wozniak pointed out a few days ago that there are some serious problems with the entire cloud concept that people aren’t considering right now:
WASHINGTON — Steve Wozniak, who co-founded Apple with the late Steve Jobs, predicted “horrible problems” in the coming years as cloud-based computing takes hold.
Wozniak, 61, was the star turn at the penultimate performance in Washington of “The Agony and the Ecstasy of Steve Jobs,” monologist Mike Daisey’s controversial two-hour expose of Apple’s labor conditions in China.
In a post-performance dialogue with Daisey and audience members, Wozniak held forth on topics as varied as public education (he once did a stint as a school teacher) and reality TV (having appeared on “Dancing with the Stars”).
But the engineering wizard behind the progenitor of today’s personal computer, the Apple II, was most outspoken on the shift away from hard disks towards uploading data into remote servers, known as cloud computing.
“I really worry about everything going to the cloud,” he said. “I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.”
He added: “With the cloud, you don’t own anything. You already signed it away” through the legalistic terms of service with a cloud provider that computer users must agree to.
“I want to feel that I own things,” Wozniak said. “A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.
Wozniak had no idea how prescient his comments over the weekend were because, just yesterday, Mat Honan, a writer for Wired, revealed that his iCloud account had been hacked into, causing him to lose much precious data:
In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.
In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened, because their ultimate goal was always to take over my Twitter account and wreak havoc. Lulz.
Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location.
Those security lapses are my fault, and I deeply, deeply regret them.
But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.
This isn’t just my problem. Since Friday, Aug. 3, when hackers broke into my accounts, I’ve heard from other users who were compromised in the same way, at least one of whom was targeted by the same group.
Worries about the security of remotely stored data are nothing new, of course. There have been other remote data storage services that have had security issues of their own. Additionally, as anyone who runs a website that they don’t run off their own servers know, sometimes your entire businesses Internet presence can be at the mercy of company thousands of mile away. When the derecho hit the Washington, D.C. area in late June, it took out several high-traffic web sites not because they were located there but because they used hosting services provided by Amazon, which were taken out when the power went down in the area for several days. It may not sound like a big deal, but when your business depends on a web presence, a multi-day outage can be a huge problem. Now, imagine if that storm had taken out a bunch of cloud servers and made it impossible for individuals and businesses unaffected by the storm to access their data for several days.
Personally, I’ve never been entirely convinced of this idea of offline data storage and backup. Convenience aside, there are serious issues concerning security that any business that would take advantage of these kinds of services ought to take into account. In my profession, we have an ethical duty to keep client confidences secret, and that includes anything in a computer that might constitute confidential information, the same goes for people in the medical profession. How could I possibly be assured that online data storage or backup would be secure enough that no third-party would ever be able to access it? If I mess that up, it becomes a serious enough ethical violation that loss of license is not beyond the realm of possibility. For other companies, why would they possibly consider storing potential trade secrets offline unless it was in a location that they had control over?
Then you come to the problem that Honan had, which is likely to become increasingly common as we connect more and more of our accounts and store more and more of our data in the cloud. As he admits himself, there are some steps he could’ve taken to make what happened to him far harder to accomplish, such as signing up for Google’s two-step verification system which is quite honestly the best way to make sure the password to your Google Account is safe. I’ve been using it for the better part of a year now and, while there are inconvenient like having to re-verify yourself every 30 days or so, it does provide a certain piece of mind in that it makes it virtually impossible for someone to hack into your Google Account without you know about it. As an Android phone user, that’s an essential level of security. Honan’s Wired colleague Kim Zetter gives several more examples of how you can prevent yourself from suffering his fate. Many of them are standard-issue online and computer network security rules that we’ve all heard before, but which many people seemingly ignore.
For me, Woz’s warnings and Honan’s data disaster just reinforce the doubts that I have about the entire cloud concept. I like the idea of being able to access my music, and maybe someday more, from anywhere but I still maintain copies of everything on my computers at home. More importantly, there’s some data that I will simply never release into the cloud no matter how convenient it is. Confidential client data, obviously, but also anything involving finances, family, or anything personal that I wouldn’t want to fall into the wrong hands. It’s my data, and I want to have control over it. A bit over cautious? Perhaps, but I’d rather be safe than sorry.