
Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 21st year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2016 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk




When the cloud leaks

16 December 2016

Yahoo has admitted that up to a billion of its cloud-based free email accounts may have been compromised by crackers.

Wow... that's a lot. Almost a seventh of the world's population?

Well no, not really. I suspect that YahooMail has been a popular place for folk to create throw-away accounts and that only a percentage of that billion or so accounts were or are actually active.

Nevertheless, this is a huge fail for cloud security and should act as a warning for those who think that the answer to security is just to trust Yahoo, Google, Amazon or whoever.

Protecting your or your organisation's data from unwanted access, theft or deletion may not be as simple as just using a cloud-based solution. In fact, you could be creating an even greater risk.

I'm seeing increasing evidence that companies (and even our local council) believe that the answer to security is to effectively outsource it through the use of cloud-based services as an alternative to hosting on their own hardware. Now whilst that may be true in some cases, I think they need to apply a little more thought to the issue.

The South Waikato District Council here is about to launch an IT revamp to ensure that its computer systems keep pace with demand.

In a presentation to council, IT staff seemed pretty keen on outsourcing via the cloud, offering the perspective that if it's good enough for the NSA to recommend Amazon's cloud services then it's good enough for a small district council to use the same.

Sadly, I fear that these people are over-simplifying the situation and ignoring the fact that the cloud carries with it risks over which they have zero control and are therefore not able to mitigate or even manage.

As we've seen with Yahoo, there are no guarantees that any security breaches of a cloud-based solution will be caught in a reasonable time and, even if they are detected, there appears to be no imperative for the operator to advise its clients in a timely fashion.

The first clue that South Waikato residents might get after such a breach might be a significant increase in the level of spam they receive -- after the email and physical addresses of ratepayers are sold and resold on the black market for such data.

But there's worse... much worse.

As we've seen in recent years, NZ is a country very prone to "disasters" of the natural kind.

First the Christchurch earthquakes devastated one area, now the Kaikoura quakes have knocked even our capital city for six.

So what happens if we have a major quake or national disaster that takes out NZ's internet connections with the rest of the world -- especially our connections to the overseas cloud-based service that you or your organisation has opted to use?

In the case of a local council, can they afford to lose access to their data at the very time such data is most crucial to effective Civil Defence activities etc?

How do you pay wages? How do you get access to important (perhaps critical) data that is housed overseas and thus beyond the reach of your keyboard and monitor?

Obviously the answer is to have a fallback system, a local backup system, some kind of redundancy which ensures that all your data is also kept locally for use in the event that such a calamity is experienced. But if you do this, haven't you just created exactly the same security problem you've tried to eliminate by opting for a cloud-based solution?

No, simply saying "we'll go to the cloud" is not a universal panacea for the issues that vex any and all IT systems.

In fact, it's probably a very naive solution to what is often a rather complex problem.

So I will be watching the South Waikato District Council's decision-making process with great interest and hoping that they are not so stupid as to believe everything that's written on the packet. Let's hope they get some external "expert" advice on such things as security.

Or they could just use Yahoo. At least then they'd know that security won't be an issue -- for clearly, Yahoo provide none.
