Small Business should not Trust the Cloud too Much

Cloud security continues to be a lingering issue in cloud computing adoption. As more and more small businesses are jumping into the cloud bandwagon – partly due to marketing pitches made by cloud service providers – there will be more hacks coming up, for sure.

Sadly, people are often integrating the cloud into their daily life without really know about the consequences – this includes small business owners and/or decision makers. Actually, if you read a bit more about cloud security, you will soon realize that cloud computing is yet another form of computing. And when it comes to computing, hacking has always been a part of the mix.

cloud security issues
Image by FutUndBeidl / Flickr

Mat Honan story

Last week was a revelation to Mat Honan, a Wired Magazine senior writer who has just got his Apple iCloud account hacked – “thanks” to the security flaws in Apple’s and Amazon’s customer service procedures. You can find the full story from Honan’s article.

What has happened was this: The hacker assumed him/herself as Mat Honan, make use of the loopholes in Amazon customer care – then AppleCare – to gain access to Honan’s account. The hacker then wiped everything inside Honan’s Apple iCloud account – including everything stored in his iPad, iPhone and PC. The hacker also erased Honan’s Google account, and has attempted to take over Honan’s Twitter account.

Fatal.

My very own story

On a much smaller scale, I have experienced what Honan did; 3 months ago I have my Google account hacked. Seriously, writing about it still gives me a chill.

I was about to log into my Google account and found that I can’t do so because my password was changed some moment ago. I then follow through Google’s guide to get my password recovered. I received a new one via SMS and I was able to log in.

Alas, I found out that – although my Gmail and some other Google services I use were left unharmed, my Google+ account wasn’t that lucky. I have my Google+ account erased – including several Google+ Business Pages I have.

You know what, it’s super simple to delete a Google+ account – just log into your Google account, choose setting for Google+ and there you go: You will find an option to delete everything with one push of a button.

I’ve contacted Google+ via their feedback form, but I received no reply. Oh well… I didn’t blame them. It was my mistake. How so?

Lessons learned: Change your password often and backup, backup, backup!

What I learn from my incident – and Mat Honan’s – is this: You should take a much more serious action in backing up your sensitive data. In theory, I know I need to backup everything on regular basis. But for some reasons or another, I am being lenient toward safety measures related to my data – even though I run my business online.

What’s more, although I know the fact that we need to change our passwords on regular basis, I didn’t do it. I know I should change my password regularly with those different from what I’ve been using for my other apps; I know I should use uppercase, lowercase and numbers to make it difficult to break. But I didn’t do it.

It’s easy for me or Mat Honan to blame Apple, Amazon, and Google for letting hackers stole our account. However, we do share our mistakes. As D’Arcy Norman said in response to Honan’s hack attack, “Why the **** didn’t you have a backup?”

The second lesson learned is this: From time to time, we always blame the technology for not being reliable. Cloud computing is powerful, but just like any other computing forms, it’s vulnerable to attacks, even though it is said to be more secure than the non-cloud counterparts.

The main problem is not in the cloud technology, really – it’s, again, the force majeure – and the human factor. Customer service policies and procedures need to be more careful in handling everything with regard to personal information, including login details. The staffs are also need to be more aware about cyber crimes, and how they are using the procedure loopholes to gain access illegally.

And from time to time again, never ever write down or type your customers’ credentials for whatever reasons – because if it was stolen, the impact would be devastating.

Indeed, cloud security is the responsibility of both cloud vendors and their clients. Pointing fingers won’t work; things happen and we can’t turn back time. Rather, it’s best to collaborate in securing the cloud services.

So, what do you think – should small business trust the cloud or not?

Ivan Widjaya
I trust the cloud – with an asterisk