Welcome!

Python Authors: Matt Davis, Jyoti Bansal, Pat Romanski, Donald Meyer, Liz McMillan

Related Topics: @CloudExpo, Containers Expo Blog, Python, Cloud Security, @BigDataExpo, FinTech Journal

@CloudExpo: Article

The Dangers of Cloud Storage | @CloudExpo #BigData #SDN #DataCenter

The first thing you must do when using a cloud service is to choose a distinct password for it

Today nearly all of us have our information stored on the cloud. It's a very easy solution that allows users to seamlessly create back-ups of photos, contacts and other personal information, giving users access to their accounts anywhere from any device. Perhaps its most prized feature is that it has no storage limits, unlike mobile devices and PCs.

There is, however, a downside to cloud services. Although it is useful in storing data, it could be the reason data is lost. Recently, the celebrity iCloud hack went to trial. The hacker admitted he acquired the credentials by spear phishing his victims and once he had them, all the data they stored on the cloud, whether intentionally or not, was exposed and later posted online.

Many users are not aware of the different risks involved in using the cloud. It's easy to forget that it syncs automatically, storing data that was not intended to be uploaded and accumulating over time. Another side effect due to its remote nature is many users do not feel compelled to protect their cloud accounts as they do their computers and mobile devices, leaving themselves vulnerable.

Users should follow several guidelines to stay safe, while benefiting from the cloud's capabilities. Some of these are simple best practices that should be implemented regardless, such as being wary of phishing attacks and not sharing your passwords. Below is some advice on how to actively protect yourself when using the cloud.

Use a different password for your cloud service
The first thing you must do when using a cloud service is to choose a distinct password for it. Do not use the same password you use for other sites, since it increases the risk that your account will fall into the wrong hands.

Each year, millions of users' credentials are stolen from websites. The best thing you can do to protect yourself is limit the potential damage from such a breach by using a different password for each of your accounts.

In fact, this type of attack was already used to target iCloud users in the past. In 2015, attackers used credentials leaked from various website breaches, such as the eBay breach, to log into iCloud accounts. Once inside, the attackers locked users' iPhones and iPads, demanding ransom in return for releasing them. For the attackers, this was easy money.

Use Two Factor Authentication (2FA)
Two factor authentication is a technology identifying users by two different components. The components could be something you know (password), something you own (chip, phone, etc.) or something you are, for example a biometric fingerprint. Usually, the two factors used are a password and a one-time passcode sent to a mobile device by SMS or automatic call. Using 2FA makes it significantly harder for attackers using brute force to find their way into your account. Most storage and cloud services support 2FA, check out the list of services using it.

This is not to say that using two factor authentication on its own is enough to keep you safe. Unfortunately, malware writers have already managed to bypass even this security method. However, it is a good start, and the 2FA technology rapid development will protect users even further in the future.

Control what you are uploading
Users should be aware if their accounts are set up to sync automatically. While this could be a convenient feature, you might not want to store certain data on a server you do not control. It is also advised that you check what you have already stored on your cloud service and remove what is not necessary.

Stay away from dangerous hotspots
Last, be aware that your communication with the cloud can be intercepted. Even amateur attackers can set-up a fake hotspot with a deceiving name to fool users into using them or even take over legitimate public hotspots. Attackers that gain control of your hotspot can conduct a Man-In-the-Middle attack, stealing whatever data is passing through the hotspot. Users should use only trusted private networks when accessing sensitive data.

Enjoy the cloud, but be careful
While there are many benefits in using cloud services, there are also risks. Users should be aware of them and protect themselves, just as they do when using their mobile devices and PCs.

More Stories By Donald Meyer

Donald Meyer, Head of Product Marketing, Data Center at Check Point Software Technologies, has more than fourteen years of networking and security industry experience. In his current role, he is responsible for Check Point data center and cloud security solutions. Prior to Check Point, Meyer served as Sr. Manager, Product Marketing at Aruba Networks where he was responsible for marketing wireless security, network access control, and network operations product lines. Subsequently, he held various Marketing positions at Juniper Networks, Nokia, Inc., Mitel, AlitGen Communications, and the Associated Press. Meyer holds a Bachelor’s of Science in Business Administration, marketing concentration, from San Jose State University.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
In order to meet the rapidly changing demands of today’s customers, companies are continually forced to redefine their business strategies in order to meet these needs, stay relevant and continue to see profitable growth. IoT deployment and development is integral in this transformation, and today businesses are increasingly seeing the value of investing their resources into IoT deployments. These technologies are able increase ROI through projects such as connecting supply chains or enabling sm...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that EARP Integration will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. EARP Integration is a passionate software house. Since its inception in 2009 the company successfully delivers smart solutions for cities and factories that start their digital transformation. EARP provides bespoke solutions like, for example, advanced enterprise portals, business intelligence systems an...
SYS-CON Events announced today that Outscale, a global pure play Infrastructure as a Service provider and strategic partner of Dassault Systèmes, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2010, Outscale simplifies infrastructure complexities and boosts the business agility of its customers. Outscale delivers a secure, reliable and industrial strength solution for its customers, which in...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
As cloud adoption continues to transform business, today's global enterprises are challenged with managing a growing amount of information living outside of the data center. The rapid adoption of IoT and increasingly mobile workforce are exacerbating the problem. Ensuring secure data sharing and efficient backup poses capacity and bandwidth considerations as well as policy and regulatory compliance issues.
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo Silicon Valley Call for Papers is now open.
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs ofte...
SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in rea...
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assis...
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @CloudExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
SYS-CON Events announced today that A&I Solutions has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 1999, A&I Solutions is a leading information technology (IT) software and services provider focusing on best-in-class enterprise solutions. By partnering with industry leaders in technology, A&I assures customers high performance levels across all IT environments including: mai...