The security of a data stored in the cloud once again came into question lately. The reason was a decision by Apple, which the company announced a bit poorly. Despite it being thought so for good, the way Apple handled it provoked many angered responses from experts and organizations.
Why did that happen? We will find out. Is your data in the cloud in jeopardy? Of course not. Moreover, we will elaborate on why this is true.
So, what did Apple do?
Apple announced that when the new iOS 15 is launched, the company would start scanning the photos people upload to their iCloud accounts. Moreover, it will look for images of child abuse and will report them to the authorities if such are found in a user’s account. Therefore, while the idea is for good, the way it was described provoked many unfavorable reactions. People thought that someone would look at their photos.
Then Apple added some more clarifications that the algorithms will do the scanning automatically. They will not even decrypt the data. Instead, they will use the hashes to check them against an already built database of such problematic images. Special, officially recognized in the US, organizations for child protection are those who build and maintain the database.
Тhe photos and algorithms are in the database, and machine learning techniques will scan all photos that are uploaded to iCloud. The scan will check even for portions of images, as child abusers often split such images in lots of parts and store and transfer them in such manner. The goal is exactly to stay hidden from possible checks. Therefore, the algorithms should find those images without actually looking at them.
Is it that bad?
Of course not. But then things got a bit weird. Initially Apple said that if such images are found in an account, they could be reviewed by a human and then forwarded to the authorities. This is where a lot of people and organizations drew the line and really turned on that idea.
What happens if the photo is incorrectly positioned as problematic? What happened to the marketing messages that Apple had for years and battling the authorities but not giving them user data no matter what? Who will decide when to notify the authorities? These were all of the questions that flooded Apple.
Therefore, the company responded again with more clarifications. The company said that for an account to be flagged, it should meet a certain threshold of problematic images. Initially it did not say what that amount was, but then it was announced that the limit is 30 detected images. Afterwards the account will be flagged for a manual review and only the detected images will be inspected for confirmation. If they are indeed problematic, the data will be transferred to the authorities. It is not clear what will happen if the review confirms that not all 30 frames are problematic, and some are false positives. It is also not clear why it was chosen to be exactly 30 photos, which may seem like a pretty high limit for such a topic.
Apple also said that it is possible to opt-out of the process. For this to happen though, you have to stop the iCloud Photos feature and stop synchronizing images to the service. If you keep them on your device, they will not be scanned.
Why does it matter?
Well, it rather defeats the whole point. If you can still keep such horrible imagery on your device and simply not upload it to one service, then why did Apple go through all of the trouble? It clearly does not want such content on its servers, but is it fine for it to be on the devices? Sure, they are private, but so are the iCloud accounts?
It is quite a messy situation, which gathered the ire of policy groups worldwide. More than 90 such groups from around the world united in an open letter to urge Apple to abolish the plans, Ars technical reported. The organizations were worried that Apple’s system can be used to censor protected speech and threaten the privacy of users. The company has said that there is no reason for such concerns because the tech is not meant for that, cannot detect anything other than the images in the database and it is designed with privacy in mind.
The organizations though feel that there are governments in the world, which will try to take advantage of this technology for their benefit. There may even be demands to Apple to adapt the tech for other means. While Apple says it will not allow that, the organizations do not really want to leave this to chance. Even WhatsApp chimed in and said “Apple has created a surveillance system”.
Should you worry about your data in the cloud?
As we can see, the whole thing is quite a mess. Apple did not do it favors with its poor handling of the situation, needing several different responses to describe the basics of the technology. It should have done that in the first place. All the company has achieved was to cast doubt over the security of data in cloud services in general. Just at a time when people were finally warmed up to the idea of using cloud services and not doubting the security of their data there.
So, let us be quite blunt – the data you have stored in the cloud is safe. In fact, unless you are using some special enterprise-grade equipment and infrastructure, your data is safer in the cloud than on your personal computer or smartphone. Regular, consumer devices are not as secure as a data center. In addition, hackers know this, so this is why they usually target the devices and the users. This is the easiest way for them to get to the data that you have stored on your device and in the cloud.
There is a good reason for that. Data centers all have to complete an extraordinary long list of requirements and standards to get the needed certifications to be called a “data center”. This includes, but it is not limited to, strict protocols for physical access of the building itself, let alone to the server rooms.
The digital security is also on enterprise level for every data center. It features multiple layers of security systems and algorithms along with firewalls and special tools that are used by professional staff on hand. There is also encryption for the data, the servers and the connections.
It is also important to say that these things are constantly updated, and improved to keep up with the latest trends, and security requirements.
Improve security in the cloud
The good news is that you can always add further security layers to improve the protection of your data in the cloud. This way getting to it will be very difficult for hackers and often they will simply look for an easier target. Unless of course they really-really want exactly your data. In either case, you should make sure you have taken all steps to improve the security of your data in the cloud.
The first step would be to lock things down. This means that you should make sure the way you access your data in the cloud is secure. Use a secure connection like VPN. Also, enable two-factor authentication for logging in. Do not use public Wi-Fi networks to access sensitive data. Instead, opt for your cellular data.
Next, encrypt your data. This may be time and resource-intensive, but it’s a way to make sure even if hackers get through to the login and other security measures, that they will simply get “greeted” with another challenge – the data is further encrypted.
Also, keep testing and always be on the lookout. Many cloud service providers offer additional features and tools for monitoring. Use them, so that you find out what happens in your cloud on the regular. Then, it will be easier for you to spot irregular activity and act on it quicker and more efficiently.
Do not neglect additional security training. There is already a big skills and employee gap in the IT world, especially for data center and security specialists. The problem is that many companies continue to neglect cybersecurity thinking they are too small to be targeted by hackers or that they are not simply interesting to them. Everyone is a target to hackers and their abilities only keep getting better at a very fast pace.
So, invest in proper cybersecurity training for your employees. This will help them stay on track with possible attack vectors and threats and it will increase their overall skillset. This is important as cloud security extends beyond just the data center. It also includes the overall online behavior of the users. When they are better prepared to find and tackle phishing attempts, when they know not to post, click, or share certain things and details, that will all have a positive effect on your overall cybersecurity.
Therefore, yes, the cloud is safe. The data you store there is fine, as long as you also maintain a decent level of company and personal cybersecurity, as well. As you can see, breaches rarely happen via the cloud providers and instead they are all happening via the company that uses a certain service. This is a clear sign that the cloud and data centers are quite secure.
If the topic of security and data centers excites you a lot, here is an article that you may find interesting enough to spend some time reading it: