Aided by the promises of low cost and ease of use, cloud-service offerings have proliferated among consumers in recent times.
The ability to access applications, store data and have them accessible on any device, anywhere is hugely compelling – so much so that security and accessibility to that information barely registers as a risk. For many, it is simply a case of download, click to accept the service terms (often without reading them), and off you go.
Such naivety, however, was highlighted in spectacular fashion this week as nude images of movie star Jennifer Lawrence and 100 other celebrities were leaked online after the cloud storage service on their Apple devices, iCloud, was hacked.
iCloud, which is used by more than 320 million people around the world, stores photos and other information in the cloud, allowing them to be accessed from other devices.
It is this convenient and quick-to-implement end-user experience that has also driven the use of similar cloud services in businesses. As consumers experience convenient ‘app IT’ on their own devices, they demand a similar experience when using work IT. But, of course, it’s different for businesses.
Enterprise IT works to defined service levels, availability clauses, security and confidentiality agreements. These are either internal agreements from IT to the users, or most often commitments made to customers.
Not only is this done as good/best practice, but often breaches result in penalties or fines imposed by regulators. For example, loss of confidential customer data can attract a fine of up to £500,000 from the UK Information Commissioner’s Office.
When it comes to using the benefits offered by the cloud, business also need to understand the risks and make decisions not just based on convenience and lowest price, but also to consider the standards expected and demanded of them by their customers and users.
IT services firm Phoenix says businesses should answer several questions when considering cloud storage and backup: Is the data encrypted from source and then also when stored in the cloud vault? Is the service accessed via public cloud access or private cloud access? Where is the data held (in the UK or elsewhere) and what legal jurisdiction is it covered by? Is the service monitored with alerts for uptime and activity 24/7? And what quality and security standards does the provider offer for service, infrastructure and data?
‘I think this could be a watershed moment for cloud service,’ says Mike Osborne, head of business continuity at Phoenix, of the celebrity photo leaks. ‘Many individuals and firms have dashed to use the cloud without proper thought for the potential risk.
‘The talk previously has been about how much cheaper one cloud service is compared to another – it’s dropped so far that components such as security and risk are ignored by users and marginalised by some providers.’
A breach as personal and public as these celebrity photos, whilst not as damaging as some of the recent financial hacks, will serve to showcase that security and risk are key components of any cloud service.