X
Business

Is iCloud's 'Epic Hack' a game changer?

Steve Wozniak has expressed concerns about the security of the cloud, predicting "a lot of horrible problems in the next five years" but Rob May, CEO of Backupify, respectfully disagrees. Who's right?
Written by Jason D. O'Grady, Contributor
Did the iCloud breach change your opinion of the cloud? Jason O'Grady

Recent breaches at DropBoxAmazon and iCloud have raised new concerns about the security of personal data stored on cloud services. But there are two sides to every story.

Apple co-founder Steve Wozniak expressed his concerns about the cloud to the Associated Press fearing that consumers have signed away content they would otherwise own after buying and warned of horrible problems the could result after migrating to the cloud:

“I really worry about everything going to the cloud,” he said. “I think it’s going to be horrendous. I think there are going to be a lot of horrible problems in the next five years.”

He added: “With the cloud, you don’t own anything. You already signed it away” through the legalistic terms of service with a cloud provider that computer users must agree to.

“I want to feel that I own things,” Wozniak said. “A lot of people feel, ‘Oh, everything is really on my computer,’ but I say the more we transfer everything onto the web, onto the cloud, the less we’re going to have control over it.”

Backupify's CEO Rob May takes issue with Woniak's analysis and respectfully disagrees:

Those that say you'€™re giving up control when you use the cloud must realize that there are easy fixes to controlling your data when it resides on a cloud environment. One of the easiest and best fixes is having a cloud backup in place.

In the on-premise world, backup is about mitigating against the risk of data loss. In a cloud world, backup is that plus more. In a world where your data lives in the cloud, backup is about keeping control of your data. When you have a secure second copy, you can sleep better at night knowing that no matter what happens to your cloud provider, your data is still safe.

Do you really need a backup of your cloud backup? What happens if that "second copy" gets hacked? Is it another insurance policy on your cloud data or another potential vulnerability?

In light of the tech journalist Mat Honan's Epic Hack Apple has suspended Apple ID password resets over the telephone and Amazon has closed the "last four-digit" loophole that allowed hackers to gain access to iCloud account.

But is it enough?

I still have faith in cloud services, provided that they're used with fair deal of precaution, as I outlined in yesterday's post. I'm more dubious of online backup services because they tend to be slow (nothing beats a local HDD or SSD backup), they're not bootable, lack of control and the potential privacy issues (Dropbox, anyone?).

Honan's exposure of iCloud's porous password reset criteria sent shockwaves through the Mac community and I fear that another high-profile hack of a widely used service (like Google Drive) could do permanent and irrevocable harm to the cloud as a platform.

What's your cloud data storage strategy in light of recent events? Have you changed anything about it? Chime in the Talkback below.

Updated: Gytis Barzdukas, Senior Director of Product Management, Mozy added this statement:

"Steve Wozniak's issues with pushing everything into the cloud appear to revolve around two concerns: the location of the data, and the ownership of the primary version of data. In terms of location, Mozy believes that the best solution is to offer what might be termed a 'hybrid' solution. This is where data is stored both locally and in the cloud. In Mr. Wozniak’s scenario, an individual licenses content such as a book or music from an online service and the content owner revokes the license, blocks access, or remote-wipes a device -- such that the individual can’t access that data anymore. Because the individual is licensing information, the primary (or perhaps only) version of the data exists in the cloud and only a copy of the data is stored locally. Mozy inverts this model with the primary copy of the data being stored locally (i.e. on devices) and a copy of the data stored in the cloud. It's a clean relationship where the user owns the data and takes ownership of the data on their device(s). If the user has the data on their primary device, Mozy will have it in the cloud and the individual can access it from any other device or even sync it across multiple devices. Changes made to the primary data will be reflected in the cloud, with snapshots of previous iterations of the data held so that individuals can restore anything they lose or which becomes corrupted.
"In terms of Mr. Wozniak’s second concern, ‘signing away’ ownership, Mozy never asks its customers to enter into any such agreement. Our privacy commitment is very clear about this. As a customer, your information is yours and yours alone, not ours. We never sell your information to anyone, index it to enhance public search algorithms, or claim rights to use it for other purposes, nor do we sell information about you. We never share your information with anyone unless you explicitly tell us to. We never sift through your information in order to create a profile of you or target advertising. You can always retrieve your information, and once you leave our service—while we are sorry to see you go—we do not retain rights to your information. "Finally, it should be noted that what happened in this case involved not only storage in the cloud, but also social engineering; particularly the use of social engineering to gather personally identifiable information and then build links between various accounts where data was solely stored in the cloud. Storing information in the cloud is not something uniquely insulated from social engineering attacks and we applaud the fact that Google and Amazon have changed their processes to limit these as vectors of attack for other customers.
"In short, Mr. Wozniak appears to be worried that the cloud puts data at risk. In a cloud model where the only version, or primary version, of your content is in the cloud there is indeed risk. But the beauty of the cloud is that there are multiple approaches in terms of how you can use the cloud to effectively manage your data across multiple devices. With the Mozy model, the approach differs from the scenario that concerns Mr. Wozniak. We use the cloud as a protection mechanism to provide a secondary copy data owned by the individual which already exists elsewhere, and then use the cloud to enable that individual to access the content from the cloud. With Mozy, the customer owns their data, and no one and nothing can take it away."

(I also reached out to online backup providers Carbonite for comment and will update this post with their comments.)

Editorial standards