One of the comments I received on my article on lessons learned from a fairly public online hacking was very concise:
“That’s why the cloud is dangerous.”
I think a lot of people feel that to varying degrees.
I disagree strongly.
I also think believing it is, prevents you from taking advantage of the things that “the cloud” can do for you – things like protecting your data…
… as well as a number of things you’re already doing and have been doing for years.
What is “the cloud”?
I have to start by throwing away this silly, silly term, “the cloud.” It’s nothing more than a fancy marketing term. Ultimately, it has no real meaning.
The cloud is nothing more than services provided online over the internet.
Seriously, that’s all it is.
Another way I saw it recently was this: “‘The cloud’ is simply using someone else’s computer. “
Be it services that provide a place to store your data, enable you to communicate with others, provide applications, sell you things, or answer your technical questions – it’s all happening in the cloud.
That’s nothing new.
The cloud is new in name only
You’ve probably been using online services long before anyone thought to slap the name cloud on ’em.
- Do you have an online email account like Outlook.com or Gmail? You’re keeping your email in the cloud.
- Do you use any kind of email? It gets from point “A” to point “B” through the cloud.
- Do you upload pictures to a photo-sharing site like Flickr, Picassa, or Photobucket? That’s the cloud.
- Do you use an online backup service? You’ve been backing up to the cloud.
Hopefully, you get the idea.
I really, really want to drive home the point that this thing people are calling the cloud is nothing new, and you’ve been using it already – probably for years – and almost certainly before that silly name was attached to it.
So let’s jettison the name and all the baggage comes with it, and call this what it really is: online services.
OK, fine. But is the cloud dangerous?
No more so now than it’s ever been.
In fact, I’ll claim that online services become, on average, safer than ever before as service providers learn from mistakes and implement industry best practices.1
If anything has changed at all, it’s the breadth of available online services and the number of people using them.
The fact is that any tool, when misused, can be dangerous.
For example, placing sensitive information in your online email account (and only your online email account), and then not using proper security on that account, is absolutely dangerous, and always has been. It’s not that online email accounts are dangerous. The danger arises from using them improperly.
The same is true for any online service, be it those generating the latest buzz or those you’ve been using for years.
But we’re at the mercy of service providers
At this point, many folks will point out that the security breaches that we hear about are often the fault of, or related to, a problem at the provider of the service in question.
Many are, it’s true.
But you know what? That’s not new either.
As long as there have been service providers, there have been mistakes, breaches, and policy screw-ups at service providers.
I’m not (not! not! not!) trying to excuse service providers for making mistakes or screwing up. Every fiber of their corporate being should be working to prevent security-related errors and mitigate the impact when they happen.
But the reality you and I have to deal with is that ultimately, service providers are staffed by humans, and humans make mistakes. Saying mistakes should never happen is unrealistic.
Worse, it’s extremely poor security planning.
Besides, when it comes to security issues, we are most often our own worst enemies.
No one can protect you from you
Mat didn’t lose his data because of the breaches he experienced.
Mat didn’t lose his data because of problems with the online services (even though there definitely were issues).
He lost his data because he wasn’t backed up. Even if he had not been hacked, he was at high risk of losing everything anyway, had he lost his laptop or experienced a simple hard disk failure.
Had he been backing up his data, I’m betting that there wouldn’t have even been a news story.
On top of that, the hack reached as many of his accounts as it did, because he had linked all of his accounts together. Mat helped the hackers get to his accounts.
No, the lesson here isn’t that online services are dangerous. The lesson here is that we have to assume responsibility for our own safety.
And I’ll say it once again: this is not new.
How to use online services safely
Using online services safely really boils down to not much more than the guidelines we’ve all heard before, plus maybe one or two new ones.
All, of course, augmented by a dose of common sense.
- Back up. If it’s only in one place, it’s not backed up.
- Use strong passwords, and set up and keep current all account recovery information. Use extra security, such as two-factor authentication, if supported.
- Understand the security ramifications of using someone else’s computer, or someone else using yours.
- Understand how to use internet connections provided by others securely, especially open Wi-Fi hotspots.
- Don’t link your important accounts together in such a way that breaching one opens the door to all of them; use different passwords (and perhaps even different email addresses) for each.
- Keep your software up to date, scan for malware, and all of the other items commonly listed to keep your computer safe on the internet.
Only the part about using different email addresses for different accounts is relatively new – everything else should sound really, really familiar.
It really can be safe
To be clear, there’s no such thing as perfect security, and that’s true whether you keep your information securely locked away only on your own computer in your bedroom, or if you store it in the cloud. There’s always something that can go wrong.
But by following basic security guidelines, there’s no reason that most of the common, popular online services can’t be used safely – at least as safely as the services you’re already using.
Used properly, they can even add security by providing things like additional backups, throw-away email accounts, data replication, and more.
You do have to assume responsibility for your own security, and that includes not only taking reasonable precautions to prevent a problem, but also taking additional steps to minimize the impact should an issue arise.
Yes, you can avoid online services all together (just remember that means walking away from email as well), but you’d be missing out on so many of the opportunities the internet has to offer.
Rather than asking “Is the cloud dangerous?”, learn to use it safely. I believe in the long run, you’ll be much better off for it.
I know I am.