What’s this ‘cloud’ you speak of? Good question. Cloud services are applications that are Software as a Service (SaaS) based and hosted on OPP — Other People’s Property — so that a user is not required to download and install a software package in order to use the service. All you need is the Internet browser of your choice and you’re good to go.
Millions of consumers interact and store massive amounts of personal data every day. For example, those of us who watch Netflix or use Instagram to send pictures — all that content is stored in the cloud. DropBox, a file storage and archiving service, maintains your pictures, media and documents on that company’s storage infrastructure so they are easily accessible from anywhere. But this isn’t the only information being kept in the cloud.
Along with your movie queue, favorite playlists and info about all your friend’s happenings in the social media sphere, Personally Identifiable Information (PII) used to access this content resides on these same cloud-based platforms. First and last name, email address, phone number, date of birth, address, gender, card expiration date — all of the normal stuff you have to enter into a form field in order to get access to the features and functions of the website or online service that we want.
Although not all cloud services are risky, major data breaches are happening every year. The non-profit, Identity Theft Resource Center, tracks all US breaches and issues a report of its findings at the end of the year. 2013 was a banner year with 619 data breaches (about 1.7 breaches per day) that put 57.8[i] million records in harm’s way. Looking through the full report is like looking through a list of Who’s Who in Data Breaches for your state. It is simply amazing to see the breadth and depth of data loss.
This isn’t to say all cloud services have security problems, but it’s important to only put your personal information on credible cloud services that you can trust. While everything continues to move toward the cloud, as a consumer, we are increasingly left with little choice as to how we must interact with the service. The service providers dictate what information we must provide in order to use their services, compliments of “required fields” used in their account creation process. I’ve noticed an increasing trend for sites to require the use of Facebook sign-in credentials in order to create an account on their site, thus defeating the user’s ability to create the account using fake contact information or unique log in credentials.
HINT: It may be wise to be more thoughtful of whom you accept as friends these days. As the convenience of using the same set of credentials across multiple sites seems obvious, so do the security implications. Instead of guessing that you’re using the same credentials across multiple sites, this pretty much guarantees it. So, all I have to do is hijack your Facebook account in order to get access to your social profile AND access to your other online accounts, right? Right.
Ultimately, it is up to consumers to be thoughtful and aware about the amount and type of information they share (this gal, two thumbs pointing at self, will often use fake information to populate an account, while saving the “real stuff” for those companies with whom I trust and truly want to do business), understand the methodology companies they transact with use to secure their information once it is provided, and determine if the risk of doing business and sharing all your PII with them is really worth the reward. Some cloud services have a lot more security measures in place than others. If you do your research, you can find a service to trust.
Got any security tips for using the cloud? Let us know!
Karin Tansey is the Senior Direct of Product Management at myFICO and an online security expert.