Jennifer Lawrence, Kate Upton, and numerous other celebrities have been exposed in a series of racy photographs and videos many of which they took themselves. People with extraordinary talents and prurient interests subsequently stole them from cloud services (iCloud). The obvious lesson here is don’t take pictures you don’t want mom to see. Followed closely by “use a secure password” not some english word, or your dog’s name. Unfortunately, while the subject might be giggle-worthy to some, there is a lot of information sitting online that is far more important.
The reality is that cloud security is a misnomer, there is nothing safe about it. This was long touted as the reason why corporations and consumers would avoid these services, but the cost and convenience advantages were too big to ignore. Let’s face it, it sure is nice that pictures from your iPhone and digital camera automatically sync with your home Mac, Ipad, and Apple TV. It is a slick feature with tangible consumer benefits, ultimately designed to make your life easier. Unfortunately in many instances this ease-of-use results in a loss of privacy.
We have gotten very good at creating a share-driven society, where information is publically accessible, and easy to get access to. The largest services on the Internet are entirely geared to getting the word out or disseminating pictures and video. The problem is that we don’t want to share everything, there are things we want to keep private, but this data is seamlessly mixed with everything else. We don’t have the strict separation required to protect us from rogue selfies, let alone personal and corporate identity theft.
Cloud security is a lot like the donuts above. Each donut represents a different organization. Every time you use a cloud service you are traversing multiple service providers, each with their own security practices and limitations. In the donut analogy a lot of money is spent on the exterior surface, perimeter security, but very little is spent in the interior. The problem with this model is that the interior of these organizations is rather porous, multiple parties have access to the data and systems of each company in the chain. This greatly increases the attack surface, and makes it much more difficult to isolate and protect consumer data.
Cloud data services are often constructed in a similiar fashion. Take data. Throw data on drive. Put permissions in database. Add password. Done. This is a recipe for data-leakage and compromise. It is the easy way to build software, that pays homage to good security practices while ignoring most of the hard work. Consumers and businesses don’t have the expertise to determine if their service providers are doing the right thing except when things go wrong. This should be a wake up call for Apple. No matter how they shift the blame away from their systems, in the end they are partially responsible for this type of data leakage because of poor security practices. In this event the end result was mild public embarrasment, but what is the cost to a company if their data gets leaked? What about compromising photos of their executives? Data can be extremely damaging, costly, and outright dangerous in the wrong hands.
So how do we solve this problem? Designing services from the ground up helps you create a sound methodology for data security. Clearly with the investment already put into existing cloud deployments we can’t simply replace them. Apple can take a page from it’s own playbook here and institute device-centric encryption. They already use a variant of this for their iMessage product. Granted the scale of data is not comparable, but we have a mechanism for boxing up data its called symetric encryption. The pervasive and less sexy cousin of public key cryptography, simply encrypting the data perhaps with the biometric thumb print in the new IOS would prevent a wide range of data abuse.
Ultimately you want to provide a seamless experience to the user while also protecting them from internal and external threats. Device and user-driven encryption can do this without compromising usability. In this instance the iCloud attackers may have gained password level access to icloud, but without these secondary biometric markers would have been unable to decrypt the incriminating selfies.
I would be remiss if I didn’t at least mention my own encrypted transfer service which is integrated directly into Gmail and Google Apps via a Chrome plugin. You can check that out here. Ultimately we need to demand better accountability for private data from the firms we have annointed as our digital shephards, and they have the expertise and the technology to provide a better, safer experience online.