{"id":3961,"date":"2014-09-08T10:00:30","date_gmt":"2014-09-08T14:00:30","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=3961"},"modified":"2020-02-26T18:59:03","modified_gmt":"2020-02-26T14:59:03","slug":"misunderstanding_the_cloud","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/misunderstanding_the_cloud\/3961\/","title":{"rendered":"Foggy Perceptions of the Cloud"},"content":{"rendered":"

The past few days have been a bonanza for online privacy geeks following a breach of iCloud data<\/a> including compromising photos of a number of A-list celebrities including Jennifer Lawrence, Kate Upton and others.<\/p>\n

\"Foggy-Perceptions-of-the-Cloud\"<\/a><\/p>\n

I\u2019ll assume you haven\u2019t been living under a rock, and won\u2019t waste your time with the details. If you\u2019ve just come back from an off-the-grid vacation, you can get the gist here<\/a>.<\/p>\n

The underlying problem here does not arise from whether iCloud (or any other Apple service) was breached, if a vulnerability in \u201cfind-my-iphone\u201d was exploited or what tool was used to do the dastardly deed.<\/p>\n

Even when something isn\u2019t free, more often than not the same issues persist, because the premium that makes something \u2018other-than-free,\u2019 isn\u2019t about security or privacy.<\/div>\n

The real issue is that most consumers have no idea what data is sitting in the cloud somewhere. And among of those that do know, almost nobody can tell you where that data actually lives, who has access to it or how well protected it actually is. I can wager a pretty solid guess as to the level of Jennifer Lawrence and Kate Upton\u2019s cyber-privacy awareness, but I submit that even those who are the most cyber-aware still can\u2019t achieve much separation from the Lawrences or the Uptons in this discussion.<\/p>\n

Consider the ever-changing services that the various tech giants (Google, Facebook, Apple, etc.) offer. Consider as well their ever-changing privacy policies and settings. And that fails to account for the never-ending cycle of vulnerability emergence and security updates, the latter of which often relies on unwilling and uninformed consumers, but this is largely beside the point. The point is, you just can\u2019t keep up!<\/p>\n

A few years ago, one of my colleagues became the victim of exactly this phenomenon. It was around the time Apple first started enabling iCloud on all iOS devices. My colleague took part in the following exchange with one of his friend\u2019s via iMessage:<\/p>\n

Friend: Where we meeting for drinks tonight?<\/em>
\nColleague: Don\u2019t care. Anywhere that\u2019s close and has at least one hot bartender.<\/em><\/p>\n

Pretty benign, right? Well not so much, because exactly that same day the iCloud synchronized all iMessenger data across all of his iDevices. I imagine you can see where this is going. At any rate, my colleague\u2019s texts land on his son\u2019s iPad. His son then brings that iPad to his mom. And well, you can just imagine what ensued.<\/p>\n

To be clear, Apple has since (sort of) addressed that little glitch. And most tech-savvy parents have gotten wise to shortcomings in the assorted \u201ciSpend\u201d services, establishing separate accounts for the kiddies.<\/p>\n

The questions remain: Where is the data? Who has access to it? How is it secured?<\/p>\n

Regarding the security of cloud services (particularly consumer cloud services): authentication stinks and can be hacked using simple social engineering or off-the-shelf hacking tools requiring zero technical talent; two factor authentication is available, but, frankly, it stinks too (primarily because of its inconvenience).<\/p>\n

Beyond that, the users have no idea what is theirs and what is not, in part because no one, and I mean no one<\/a>, reads the end-user-license agreement. And of what is (or should be) theirs, it\u2019s practically impossible, or at the very least difficult, to control or manage.<\/p>\n

Now you may say, \u201cThat\u2019s the price of Free,\u201d and you would be neither the first nor last.<\/p>\n

That may be a fair argument, but we\u2019re living in a world where free is difficult to avoid. Even when something isn\u2019t free, more often than not the same issues persist, because the premium that makes it other-than-free, isn\u2019t about security or privacy.<\/p>\n

To that end, the fact is that those fancy iPhones, Macs and iPads that are quietly transmitting your data up to the mythical cloud, which you should understand is really just some server in Cupertino, California (or more likely somewhere with lower property value), are far from free.<\/p>\n

Consider for a moment the world of online productivity tools. If you\u2019re a small business or an employee at a small business and you\u2019re not using these then you\u2019re spending more than you need to. Thus, a lack of productivity tool use puts you at a competitive disadvantage.<\/p>\n

Like everything involving the Internet and computers, these tools create, transmit, store and otherwise traffic in data, but where is the data? This is a big issue if you\u2019re doing business in someplace like, oh, I don\u2019t know, Europe. Is the data being indexed? Who has access to it? Could those indexes be cross-tabbed by, let\u2019s just say, some government somewhere? Or worse, a competitor? This scenario is precisely why it is so stupid to say that those with nothing to hide have nothing to fear, because \u201cthose with nothing to hide\u201d simply do not exist. Hidden is not a synonym for criminal.<\/p>\n

These are big problems that are only going to get bigger, and the small business allegory above can be adapted to your personal life: where does the data from all those free health applications live? Who gets to see that data? When will it begin to affect the amount of money you pay for healthcare? Consumers and business will become more savvy to the issues. If you\u2019re a marketer at Facebook, you\u2019re aware of this already. How are those Facebook Messenger downloads going?<\/p>\n

But feigning outrage isn\u2019t the answer. Apple and others are making beaucoup bucks on services that sit squarely on these shortcomings. Okay, Apple, maybe it was an Advance-Persistent-Threat-Class attack on media darlings Jennifer and Kate as you insinuated in your statement<\/a>. However, what is advanced today will be commonplace by the time you finish reading this article. We\u2019ve all got serious problems and we ought to admit it.<\/p>\n

At Kaspersky, we\u2019re acutely aware of these problems. We think about it<\/a>. And we know that while our bread-and-butter, endpoint security products, may reduce some of the risk<\/a>, we also know they aren\u2019t the whole answer. We\u2019ve got work to do. Who wants to help us?<\/p>\n

Most consumers have no idea what data is sitting in the #cloud somewhere #iCloud<\/p>Tweet<\/a><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

The Apple iCloud nude celebrity photo fiasco underscores the uncomfortable reality that even the savvy among us aren’t totally sure about what goes on and into \u201cthe Cloud.\u201d<\/p>\n","protected":false},"author":370,"featured_media":3962,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,1485],"tags":[14,787,314,777,43,97],"class_list":{"0":"post-3961","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"tag-apple","10":"tag-cloud","11":"tag-data-breach","12":"tag-icloud","13":"tag-privacy","14":"tag-security-2"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/misunderstanding_the_cloud\/3961\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/misunderstanding_the_cloud\/4059\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/misunderstanding_the_cloud\/4441\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/misunderstanding_the_cloud\/4701\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/misunderstanding_the_cloud\/5124\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/misunderstanding_the_cloud\/5935\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/misunderstanding_the_cloud\/4754\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/misunderstanding_the_cloud\/5124\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/misunderstanding_the_cloud\/5935\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/misunderstanding_the_cloud\/5935\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/apple\/","name":"apple"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3961","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/370"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3961"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3961\/revisions"}],"predecessor-version":[{"id":15909,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3961\/revisions\/15909"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/3962"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3961"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3961"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3961"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}