Once again, I'm made aware of new cloud security issues by the ringing of my cellphone, as reporters look for a quote on a story. This time, the story had a few elements that made the new breach more exciting, including Apple and female celebrities.
It seems that hackers targeted celebrities using research and brute force to figure out how to access information in Apple's iCloud. According to reports circulating on the Web, the hackers managed to access backups on Apple's iCloud servers that occur each night to make sure that your lost or stolen phone does not lead to lost and stolen information.
[ Nude photos, phone records, NSA data offer essential lessons for admins. | From Amazon Web Services to Windows Azure, see how the elite 8 public clouds compare in the InfoWorld Test Center's review. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
Of course, the spin is that "cloud computing" failed and the cloud is unsecure. I hear these rants each time attacks of this type occur, no matter if it's truly a cloud service or, in most cases, internal systems that are somehow compromised. Because no one in the general media really knows what a "cloud" is, it's all a cloud to them.
Let's get this straight: All clouds and all traditional systems are vulnerable to attack. There's always some way to get in, even if it's scamming somebody to give up their user ID and password (the good, old-fashioned phishing method that was the actual cause of the "iCloud breach"), guessing passwords, or pushing your way in. There are many very effective security measures to lower the risks, but there is always a risk. Get over it.
For the most part, clouds are not part of the problem. Only a small percentage of systems and data exists on cloud-based platforms, and enterprises have taken care to lock them up pretty tight. Indeed, if there are any breaches, they seem to be associated with more traditional on-premises systems, such as the Target breach earlier this year and the Sony breach a few years ago. Of course, they are often portrayed as cloud issues, but they are clearly not clouds.
In the case of the iCloud breach, Apple can take steps to ensure this type of event is unlikely to occur in the future, such as tightening its second-factor authentication to make phishing less effective. (In fact, Apple plans to do just that.) However, when people are involved, there is always the element of human error. That's what phishing actually targets, and there's no technology cure for that ailment.
There's not a great deal we can do about that -- I don't think, for example, that celebrities would be willing to attend a cloud security class, where they learn how to pick solid passwords and recognize phishing emails. But their assistants definitely should!
This article, "Celebrities get phished, but the cloud gets blamed," originally appeared at InfoWorld.com. Read more of David Linthicum's Cloud Computing blog and track the latest developments in cloud computing at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.