The phrase, "All your base are belong to us" was a popular Internet meme back in the day, and is still around even today. In the video, an ominous alien proclaims that he owns all of the bases and that there is "no chance to survive." Today, it's probably safe for the overlord to say, "All your data are belong to us," because almost everything we have is stored in the cloud as we relinquish more and more control of our data to third parties.
There's no question that everyone loves the idea of being to access all of their data at any time. From being able to quickly download documents from OneDrive to being able to view images from Flickr, the ability to access and share our data is second nature to us now. Unfortunately, most people think that because the data is housed by a large company like Apple or Microsoft, and that access is protected by a really secure password, that their data can only be accessed by those that the user wants to allow access to.
That is a major fallacy, and this past weekend proved it.
Despite the latest in a string of data breaches, we still trust our data in the nameless, faceless cloud at an ever increasing rate. For example, according to research done in 2012, over 48 hours of video is uploaded to YouTube every MINUTE.
However that's data that people are willingly putting out on the Internet. What about the data that people think is private, or even worse,
our phones are configured to automatically upload aren't aware is even syncing to the cloud? As an example, our phones are routinely configured to automatically upload pictures and videos to Apple's and Google's cloud unless explicitly disabled, and in many cases the files online aren't actually removed from the cloud when deleted from the device. This is great feature if you accidentally remove something, but can leave you exposed if you're unaware.
Even if the data is secure, there's also no guarantee that the company housing the data will keep your data secure from both internal and external threats. Do you read all of the the Terms of Service agreements before using an online service, and then again every time they're updated? If not, you risk companies slipping verbiage past you that takes away your ownership rights or worse.
The question to ask is whether we should trust our data in the cloud. The answer isn't as straight forward as it may initially appear, regardless of what side of the argument you fall on. If you believe we should trust the cloud, the photo leaks this weekend have to give you pause. On the other hand, if you believe all data should be housed yourself, there's still risks if it's available to the Internet, something the SynoLocker attack showed all too well.
The answer is somewhere in the middle. It's true that companies like Apple need to beef up their security, but in today's day and age, passwords are no longer enough to protect your data and two-factor authentication should at least be an option anywhere our private data is stored. Apple is telling people that iCloud has two-factor authentication, but according to their own documentation, it only prevents changes to an account, not the actual downloading of data contained in the account.
Storing data within your own "private cloud" using one of many different NAS offerings (we've reviewed many of the devices here) is a great idea too, but if it's available online, you're just shifting the security requirements to yourself. While you won't have to worry about an insider stealing your data, you still have to worry about hackers trying to take it.
A defense in depth strategy is the best way to protect your private data no matter where it lives, and that means in addition to protecting it with a strong password and two-factor authentication,
"As security increases, usability decreases"important information should be encrypted as well. Backup companies like Crashplan figured this out a long time ago: When you setup your account, you create an encryption key so that the data on their servers isn't readable by anybody. If someone guesses your username and password and download your files, the only thing they have is an encrypted container. Without the decryption key, the file is useless. However the old saying that "as security increases, usability decreases" rings true here, and it's doubtful that many users will want to go through that extra step to access their data.
Dozens of celebs -- among them Jennifer Lawrence -- got a crash course in proper securing of data.
The initial uproar about people stealing nude photos from celebrities will soon die down and be forgotten. Most users will say, "That will never happen to me," and be on their merry way. And the amount of data we entrust to nameless, faceless third parties will continue to increase until it's true that, "All your data are belong to us."
Jennifer Lawrence image via moviepilot.com | Cloud image via Shutterstock