Proactivity…the next move of cloud providers?
In the wake of the iCloud hack Apple stated that they did not experience a security breach, but rather the leak was the result of a ‘targeted attack on particular accounts.’ As Apple attempts to wash its hands of fault, we could ask are they truly free of culpability? If there are measures that could have prevented the hack, is Apple to blame for failing to implement them?
The other method to passwords promoted by the media has been ‘two-step authentication’. Is it something cloud companies should insist their customers use? Hailed by some security experts as the ultimate password alternative, banks wouldn’t dream of keeping your details solely under the guard of a password. Yet you can access your iCloud, a virtual world of personal data, with just a few letters.
If a bank has in place, every conceivable security measure and yet, in spite of this, through some feat of ingenuity, a master criminal penetrates the defences to walk away with £1 million, few would question if the bank had failed to do its job. However, if a bank has the option of every conceivable security measure, but it is offered on an opt-in basis, and that same criminal takes the £1million with comparative ease, well, we would certainly ask few more questions.
Apple do offer two factor verification, but until this week, it is highly unlikely the average Joe Bloggs would be using it for iCloud or even know it was an option, which for me, puts them in the same category as the second bank. Apple has the resources at their fingertips to implement this across the board and surely, to remain entirely blameless, they have a responsibility to do so, which includes expanding the current areas it protects to include iCloud photos. Secondly, there are more iPhones in the world than people that understand how to use them and there is little being done in the way of educating them. iCloud upload happens automatically, you don’t need to understand what is going on to subscribe and as the past week’s events have proved, when it comes to internet security ignorance is far from bliss. People trust companies like Apple, which puts them in a position to ensure its users are clued up before venturing into the cloud.
People are lazy; whether it’s voting or joining organ donation registers, unprompted they more than likely won’t bother, but apathy is the cause, rather than resistance. Surely, now there will be a movement of proactivity on the part of cloud providers, to ensure their users have the best defences against online attack and a strong armoury of knowledge, to ensure the finger of blame does not point their direction in the case of future hacking.