Tag Archives: cloud security

Who is at Fault when the Cloud is Hacked?

Online backup hacks such as the infamous iCloud celebrity hacking have opened up many concerns about cloud security. Hacking is a cybercrime and anyone who uses the internet can be a victim.

When the ill-fated incident happens to you, where do you put the blame: on yourself or on your online backup provider?

Accepting Your Responsibility

There is a personal violation when your account is hacked. This is regardless if the damage done was an isolated event or a system-wide breach. It’s a human reaction to get mad. After all, it’s an invasion of your privacy and a break of your trust. But you also have to assess the situation and retrace your steps to see if you failed on your responsibility to be vigilant in protecting your files.

It’s important that you read the fine print on your online backup account. Most of the time, people dismiss the “Terms and Conditions” of products or services offered online. And when something unfortunate happens, they belatedly learn that it’s in the agreement that the vendor will not be responsible for any security breach.

Also, on an individual level, it’s your responsibility to protect your device against hackers. There are numerous security products you can get for free to ensure the safety of your computer or tablet. Through these security products, you can guarantee that no invasion happens when you’re using your cloud account.

Expounding your Cloud Provider’s Obligation

When your online backup account gets hacked, your backup provider isn’t 100 percent faultless. At the very least, the vendor has the obligation to investigate the breach. Your cloud vendor must also identify the weak part of their system where the invasion originated. Paying for damages may happen, depending on their agreement with you. If needed, ask for legal assistance so you’ll know what to expect from your vendor and how to proceed after an attack.

No one is blameless when a hack happens. But you and your cloud provider can take extra precaution to prevent this from happening.

How Long Can Servers Hold Off Cloud Hackers?

cloud hackers

Just to see how vulnerable cloud services really are to potential attacks by cloud hackers, CloudPassage, a security company, built an elaborate setup that consists of four servers with Linux-based operating systems and 2 servers using Microsoft operating systems. Loading these up with a variety of commonly-used programs, they invited hackers to break into the system, offering $5,000 for the winner.

All it took was four hours. Gus Gray, a novice who is still working on his bachelor’s degree in computer science while working for a technology company at the same time, just thought he’d fiddle around with the system because he didn’t have anything interesting to do.

So what was CloudPassage hoping to achieve with this experiment? Andrew Hay, CloudPassage’s director for applied security research, says that they wanted cloud users to realize how vulnerable they really are if they do not consider adding security measures to their default setup. “The cloud is cheap and efficient, which makes people want to use it. However, they do this without thinking about the security risks,” he says.

Of course, all these would prove to be beneficial to CloudPassage considering that they offer security services for cloud users. For those who are still not interested in getting the additional security, remember that loss of data is also caused by poor human judgment most of the time. Gus Gray, for example, was able to hack into the system after merely guessing the administrator password. This calls for stringent measures that users themselves can do, such as veering far away from default passwords and creating unique passwords that would be impossible for anyone else to guess. Changing these passwords over time would also be necessary to keep the security in the same level for a long period of time.

As for Gus Gray, the first thing he did after hacking the system was to go back to their office and check their own system for similar vulnerabilities.

It is normal for people to fear for the safety of their data, especially when you consider how attacks of cloud hackers seem to appear here and there. This makes it especially difficult for those who do not have a thorough background in cloud computing and technology as a whole, especially when hacking is blamed on the provider’s security system without considering human error and judgment. Just like the controversial iCloud incident, the term “hacked” was carelessly used, considering that the people behind it used phishing to get login credentials that would give them access to the information. Although people argue that Apple should have kept a two-step security check in place before the incident even occurred, the data centers remained secure throughout this incident.

Regardless of all the technical details surrounding such incidents however, it still remains that security should always be the first thing on people’s minds when they consider using cloud services. After all, you never know what trick cloud hackers are going to pull off next.

What about you? Have you considered adding security measures on top of your system’s default, or have you been keeping a tight watch over your system that you’re sure no one will be able to get in?