The Biggest Cloud Computing Security Risk Is Impossible to Eliminate
August 10, 2012
Honan acknowledges that some random hacker couldn't have rolled up and eaten his whole digital life without help from the victim himself.
"Had I been regularly backing up the data on my MacBook, I wouldn't have had to worry about losing more than a year's worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location," he wrote in his Wired piece. "Those security lapses are my fault, and I deeply, deeply regret them. But what happened to me exposes vital security flaws in several customer service systems, most notably Apple's and Amazon's."
- Optimize Your SQL Environment for Performance & Flexibility
- Cobol Techniques For Today And The Future
White PapersMore >>
Unsurprisingly, Honan recommends against daisy chaining all your data-heavy devices to the same control account. More usefully, publishing his story prompted both Apple and Amazon to revamp security, at least to the extent of eliminating the specific gaps Honan's hackers exploited. Neither company required frequent password changes, secure passwords or two-factor authentication for anything. It wouldn't do any good, anyway.
Most end users--and most IT people, for that matter--aren't interested in going to the amount of trouble it would take to keep from being digitally gutted by the same hack that eviscerated Honan. No matter how many warnings they get, an astonishing number still use simplistic passwords (123456 is a favorite) and the same passwords for everything (easier to remember), and link as many accounts as possible (to avoid multiple logins).
In fact, single sign-on--the secure version of the same practice--has been the goal of dozens of major enterprise networking products. No one likes having to remember passwords or log in separately to every application or website. Apple, Google, Facebook, Twitter and most other consumer-oriented services count on that to get customers to agree to link their social networking accounts--a major marketing benefit to the vendors that offers users almost nothing good.
Last week, Apple co-founder Steve Wozniak got roasted for suggesting that relying on the cloud too heavily would result in "horrendous" consequences for end users.
"I really worry about everything going to the cloud. I think it's going to be horrendous. I think there are going to be a lot of horrible problems in the next five years," he said. "With the cloud, you don't own anything. You already signed it away."
Woz did get plenty of support from cloud haters, digital paranoids and from experts who realize the cloud is just as dangerous and filled with security flaws as any other Web service, data center or other computerized structure invented by and configured for the use of demonstrably imperfect humans.