An architectural risk analysis can analyze whether the access methods are susceptible to an attack. The ability to socially engineer one’s way into the accounts was.

Cloud storage is a tool, and just like a hammer, it may not be appropriate for all situations and can be harmful if used improperly. The fact that the compromised information was stored on the cloud wasn’t the problem. In practice, the cloud is a data center hosted by another company, and their security is only as good as their patch levels, access controls, and authorization methods. Marketing teams will tell you that data stored on the cloud is perfectly safe and outsourcing the data also means outsourcing the worries. This is a topic studied at the federal level and in academia as well. Some of these questions are obvious: Would the individuals have been safe if they were on one cloud provider versus another? Others are less obvious: How rigorously should a data retention policy be applied to data? Is our data safe in cloud storage?

Cloud storage security issues for businesses

Examining this release allows us to tease out a variety of questions businesses can ask themselves about the data they are storing in the cloud. Allowing web browser access with a potentially recyclable username/password combo is a weak point akin to securing a supermax prison with a TSA-approved luggage lock. Instead, their data was compromised via password-reset / security-question social engineering methods. It is almost a guarantee none of the individuals were using 2-factor auth if available to them. They had no idea their private information was being traded below the radar. The victims may have been compromised a year or more earlier. This anonymous bidder released the information publicly instead of continuing to use the information privately.
A group of individuals, using a variety of social engineering-based credential/account compromises and more sophisticated device/service hacks on high-value targets, sold information of a private nature to the highest bidder. The biggest public reaction was “OMG! they hacked our phones and got our selfies!” But corporations should be thinking about the circumstances that led to that weekend’s leak. But even though businesses aren’t usually the target of this kind of leak, there are still lessons applicable to businesses who elect to use cloud storage for data. The data leak can be traced back to personal devices and Apple iCloud. On Labor Day weekend of 2014, a number of photographs of a personal nature were released to the public. Nothing.

The 2014 iCloud photo leak can be traced back to personal devices, but businesses who use the cloud should take note of these cloud storage security issues. There is nothing on their servers that will aid an attacker to gain entry into your vault. And, I repeat: Bitwarden is a zero knowledge architecture. You don't have automatic backups with off-site storage. You don't have a dynamic firewall with push alerting to 24x7 sysop staff. In terms of availability, unless you have millions of dollars in play, you don't have a data center with computer friendly fire suppression, 24x7 security, locked server cages, full UPS power supplies with automatic gas generator backup, redundant networking, and automatic fail over computers in case of hardware fault. There are some good reasons for that and some bad ones.

Among the bad ones, commercial hosting does not reduce security, and it increases reliability.

Actually, self hosting can decrease security, unless you have IT professionals updating your containers for vulnerabilities, like the recent Dirty Pipe exploit. : I also REALLY would prefer to not store my passwords on another company's server.