Lessons from Apple iCloud Data Leak
Published 11/19/2014
By Paul Skokowski, Chief Marketing Officer, Accellion
The theft of celebrity photos from Apple iCloud is a stark reminder of the need to think twice before storing data. For many people using a Mac the default behavior is to automatically back up and save data to iCloud. It's wonderfully appealing and convenient and seamlessly integrates into practically everything you do on the Mac. In fact it is so easy most people don't think twice about what they are storing and that is where the problem begins.
When I recently updated my Macbook it felt as if I was being repeatedly nudged, reminded, coaxed, and invited to store my data in iCloud. Saying "no" to each of these invitations wasn't easy and most people cave in quite quickly, because they think "what could be the harm?" The recent Apple iCloud scandal clearly illustrates the potential risks. While in this case the target of the iCloud theft was celebrity photos, the theft could have been similarly damaging to a business if sensitive information had been stolen and shared.
One of the biggest concerns that companies have around cloud technologies is the security of their digital content. Personal pictures are one thing, but it’s important to remember that companies manage sensitive data ranging from upcoming product plans to employee personnel files every single day, and that it all needs be secured. That’s why, instead of allowing employees to use solutions such as iCloud for work-related information, companies must take the time to map out a cloud security strategy and deploy enterprise grade solutions to share and store their business data.
The Apple iCloud scandal offers several important lessons:
- Use Two-Factor Authentication: Two-factor authentication that requires the user to enter not only a password but also a one-time PIN sent to a trusted cell phone should be the default setting for cloud-storage services. While it is possible to set up two-factor authentication for iCloud, it was not easy or obvious how to do so. If the victims’ accounts had been configured to require two-factor authentication, the hackers would not have been able to log in even knowing the account passwords.
- Store With Care: While automatic backup and sync makes life easy, it is not always the best bet when you’re working with sensitive materials. For work, this sensitive information could include personal data from employment records, financial data, customer information or product roadmap details. Ensuring that sensitive material is only being saved into secure solutions is essential for sensitive work-related information.
- Trust Private Clouds: For the highest degree of confidence in and control over cloud storage, enterprises should deploy private-cloud solutions, so they are not at the mercy of the security practices (and security lapses) of third-party software providers.
So what do I use to securely sync and store my work information and make sure I have a backup?
I use Time Machine with an external hard drive to make sure I can easily restore all my content if my computer gets damaged or when I want to copy over all my content to a new machine. And to help me do my work on a daily basis I use kiteworks by Accellion for syncing and sharing information across my iPad, iPhone and Macbook since it encrypts all data in transit and at rest, supports two-factor authentication, and automatically detects and stops brute-force password attacks.
So next time that pop up window invites you to store data to iCloud - remember the celeb photos scandal and think twice. By deploying kiteworks on trusted private clouds, enterprises can greatly reduce their vulnerability to sensitive information being exposed.