One of the most common concerns I hear from people contemplating putting anything in “the Cloud” is the fear that their personal information will be viewed by someone else. It is not that most people have huge dark secrets about a secret marriage and another set of kids on the other side of the world (OK – some do), but people feel uncomfortable with their personal information being accessed by a stranger. I totally understand. My typical response to these people is that companies that are based in the cloud have one priority above all others: data security. What keeps CEOs of cloud-based companies awake is security. If there is a data breach, the reputation of their company suffers significant damage – sometimes irreparable damage.
Well, I am here to say that I got it wrong. After the huge Uber breach that has hit the news over the last few days – where hackers accessed personal details of 57 million Uber users and Uber paid them US$100,000 to keep the breach quiet – it appears that you should judge cloud security based on the reputation of the individual company rather than my previous general statement.
Contrary to seemingly at least 57 million people in the world, I am not a huge fan of Uber. On a matter of principle, I have never used Uber. Some commentators laud Uber for disrupting an industry that “needed” disrupting. My issue with Uber in particular is that they have a flagrant disregard for the rules. In any industry there are rules and regulations and standards which businesses must conform to. Uber break into new markets and operate illegally and then claim they are pioneers. I can think of a huge number of extremely profitable business opportunities that exist if you are happy to operate outside the law. Drug trade and people smuggling come to mind. OK – maybe a bit extreme but you hopefully understand my point. While most businesses are playing within the rules, Uber choose to deliberately go outside the rules.
I often say that everyone makes mistakes – it is how you deal with them that makes the difference. We see other companies with data breaches – and they are typically announced with an embarrassing media release that informs customers of the problem and the steps they are taking to rectify it. Not Uber. A quick payoff to the hackers and they continue on with their business.
It is simply not good enough.
This is not the largest data breach in history. Yahoo still lays claim to that honour with 3 billion user accounts hacked. Others such as FriendFinder (412 million), MySpace (360 million), LinkedIn (165 million) and more have featured with larger breaches than Uber, and they have all dealt with the breach in a different way. Uber is the largest that has come to light that has had the arrogance to pay off the hackers and then try and keep it quiet.
So as of this week my advice to people who ask about cloud security is different. I won’t tell people to stop using the cloud. That would be akin to telling people to stop flying because of 9/11. The risk of your flight being hijacked is still lower than your risk of being run over by a car while walking across the road, and the risk of your data being leaked and then used against you is still incredibly small, but I would add some precautions.
Have a look at the company that you are giving your details to. See if they have a policy around how they store and protect your data. Most hackers want to steal either your money or your identity, so keep an eye on those monthly bank statements and be suspicious of any strange activity on any of your online accounts. Lastly, and I know it is a pain, use a strong password on your online accounts and change the passwords regularly.
After all that, is it worth it? I still think it is because the cloud frees us up to do more with less but maybe do it with a little more caution than I have previously advised.
Mathew Dickerson