How to be personally secure in the cloud world (Part 1)

With recent cloud-related security concerns, this topic has become a big conversation piece. I recently had a chance to talk to a friend, Jeremy Guthrie, regarding Cloud Security and how people should approach it. Jeremy has been in the Information Technology / Internet Service Provider business for 23 years, concentrating on networking and security architecture. Side note: I was tempted to include a face-covered picture of Jeremy but unfortunately no cloak and dagger stuff here, just two friends talking. 🙂 Thank you Jeremy!

Here is the synopsis of the conversation, in a two-part blog:

Let’s start with how to think about Cloud-based security for an average cloud user:
Jeremy: As a user, you have to start thinking about where your data is going. You might not need to know the exact physical address, but rather, who is the data going to? What data is going there? Conceptualize whether or not you have control over the data / information you are placing in the cloud. An example: Recently a cloud-based storage / file sharing service, which is used by corporate and individual users, blocked access to sharing of MP3s from individual customers’ accounts. Interestingly, these were blocked due to compliance with the Digital Millennium Copyright Act (DMCA). So in this case, the question is who is really in control of the files?

For the record, neither the writer of the blog nor Jeremy Guthrie is arguing for or against the actions of the storage provider or DMCA.

My thoughts: Typically we tend to think of cloud-based storage as an extension of our laptop or device that resides in our physical premises. In that case, typically no one can impose any restrictions on them without a court order. However, in this case, the 3rd party is placing the restrictions in compliance with a legal order.

So what should an average cloud user do?
Jeremy: It is easy to be lazy about the information you give out online and in the cloud. Track what data / information you give about yourself and where. Imagine no data you give out is trivial. Maintain separate passwords for your different online accounts and make sure you have a system to store these. If something bad happens, the first question will always be “What did I have there?” If you cannot answer that question, then it is harder to come to a reasonable response. Not every data loss is the end of the world but you need to know your footprint.

Where can I store my various passwords?
Jeremy: 1Password is a good tool. (Here is a link to 1Password: https://agilebits.com/onepassword).

It’s about making you a harder and smaller target. If someone is hell-bent on stealing your identity, they will be able to steal it after making some effort. However the purpose of protecting your identity is to make yourself not stand out and not be an advertised target. Protecting yourself online is basically about reducing the risk of becoming a target. As with any risks, there are trade-offs.

What can you do to reduce the risk?

  • Know where your information is.
  • Use different passwords for every site. Answer password recovery questions with gibberish answers.
  • Use two-factor authentication for sites like Facebook, Google, Yahoo, PayPal, your bank, etc.
  • Don’t post your travel plans online in an open forum.
  • Post pictures of major travel after the travel dates.
  • Don’t post personal information which might give out your identity easily and without thinking about it.
  • Don’t share about activities that might get you into trouble, either with future employers or law enforcement.
  • Protect your children’s information and environment. As they grow up, they will be in an overexposed world of information, interaction and social media.
  • For recurring events, don’t make them public information or publicly reveal you are going to attend them.

(You can read the rest of this next week … 🙂)

Analytics in the cloud

Dear readers,

It has been 4 weeks since I put something here. Update: I am working on a couple of blogs side by side related to Cloud Security. In the meantime, my friend Marc Clark wrote a really good blog about Analytics in the cloud and the utility of cloud to solve problems.

http://blogs.teradata.com/data-points/the-cloud-isnt-a-silver-bullet-for-analytics/

Next week:

Cloud Security with Jeremy Guthrie!