The moment personal photos of Jennifer Lawrence, Kim Kardashian and other celebrities were leaked from iCloud it became global breaking news and suddenly everyone had questions and opinions about cloud security. This is also when my phone began ringing with questions and I started to field comments on the “iffy” sense people were having about security of the cloud. The volume was so intense that I caught myself addressing concerns while selecting cherry tomatoes at the cafeteria salad bar!
I appreciate this interest and can talk about cloud for hours. So naturally I seized the opportunity afforded by this security hack for the purpose of educating the public. Security is an absolute top priority for me. And is the sine qua non for moving anything to the cloud. A decision to move to the cloud is only made if the security is as strong as it can be and we have fully understood the nature of the security solution, and the potential threats. Since security threats are constantly morphing, so is the need for consistent monitoring and reevaluation of cloud security.
To the question “Is cloud secure?” I’d answer, “yes - if done properly.” Let’s face it, a safe is not secure if the door is left open or if someone has the combination. There are best in class practices that must be followed to ensure cloud security.
It is important to stress that NOT being in the cloud does not mean that things are more secure. Even if things are not in the cloud and we are inside an enterprise network, when we connect to the Internet we expose ourselves to some level of risk. There is no escaping this. We must be careful not to lull ourselves in a false sense of security just because things are not in the cloud.
What I am stressing in my discussions on security is that assessing security is a delicate balancing act of risk and utility. We need a risk-based approach to both cloud and non-cloud solutions. It is never absolutely clear-cut.
One thing that is clear-cut, however, is that the theft of personal celebrity pictures raises more interest in cloud security than even the best white paper.
Now, I am not making light of any thefts of personal information or subsequent posting of that information. What happened to Ms. Lawrence and others was absolutely wrong. But, if there is a silver lining to this cloud story, it is that it has brought the discussion of cloud security into the mainstream. And this is a very good thing.
Did you experience the “Jennifer Lawrence Effect” changing interest in cloud security?