We’re Putting Everything in the Cloud. That’s Scary as Hell, and Here’s Why.
The cloud is a real thing, and it’s not as secure as you think.
Did you open up a Google doc today? You used the cloud. You did it again when you checked email and Facebook. And when you uploaded that file to Dropbox? You used cloud storage. You can see where this is going. The cloud dominates the modern internet. In fact, global cloud IP traffic will reach 6.5 zettabytes—or a trillion gigabytes—annually by the end of 2018. That’s the equivalent of streaming 234 million years of HD-TV. Everyone from mega-corporations to individual internet users store data in the cloud, both non-sensitive and private—often extremely personal—information.
So what exactly is this mystical floating storage device? No, it’s not a “farting… Monty Python cloud” that “emanates the voice of God,” nor can it “fit inside a cellphone,” as people semi-seriously told the Star Tribune. The cloud has a physical presence: It’s a massive network of multi-functional servers held in warehouses around the world. Apple’s iCloud warehouse occupies 200 acres; one of Facebook’s two warehouses occupies the square footage of an 81-story building (powered by 950 miles of cable). Whenever you upload a piece of information, it crosses the transom to a tactile location and settles down in servers owned by a range of companies.
[quote position="left" is_quote="true"]Code Spaces contacted the hackers, who demanded an actual ransom in exchange for ceasing their assault.[/quote]
And just like your home hard drive, the cloud can crash or be violated by people with nefarious intentions.
You might have first been made aware of the cloud’s vulnerability when Apple fell prey to cloud-based hacks into iCloud’s back-up systems, resulting in the release of dozens of celebrity nude photos. But small companies are targets, too—and the attacks on them have significant real-world implications. Code Spaces, a hosting provider that offered project management and development assistance, was forced to go out of business after their cloud system was hacked. First, the hackers initiated a DDoS attack on the site, sending a bandwidth-overwhelming amount of fake traffic to the service that was enough to block legitimate traffic. Code Spaces contacted the hackers, who demanded an actual ransom in exchange for ceasing their assault. When Code Spaces declined to pay, the hackers didn’t simply continue bombarding the company’s service with traffic. They started to delete archived information at random from Code Spaces’s cloud storage, resulting in potential recovery costs that were high enough to compel Code Spaces to cease operations.
The hijacking of Code Spaces’ business operations offers a valuable lesson. If cloud providers aren’t following a protocol of keeping multiple copies of data in multiple locations, all of that information can and likely will be compromised, whether through malicious actions or simple physical fallibility, the kind that comes from water damage or aging components.
This isn’t really what the cloud looks like. But storing files in the cloud isn’t any safer than storing them in a drawer.
These kinds of server failures aren’t just a problem for companies. They’re also a problem for you. In 2011, Amazon experienced a major server failure that resulted in the destruction of 11 historical hours of data. You probably don’t care if Amazon loses information. But when the company’s servers go down, everyone who relies on their cloud services is also at risk, including streaming services (Netflix), publishers (Condé Nast), government organizations (C.I.A.), social media services (Pinterest), and creative products (Adobe).
[quote position="right" is_quote="true"]You probably don’t care if Amazon loses information. But when their servers go down, everyone who relies on their web hosting services is also at risk. Including Netflix. And the CIA. [/quote]
As the amount of data in the cloud grows and more cloud service providers pop up, this issue is not expected to disappear. But what can we do, in a cloud-based world, to combat it? You probably shouldn’t become a modern Luddite, shutting down your Instagram and removing all your files from Dropbox in favor of an internet-less machine. Just as it would be practically impossible for you to completely scrub your online presence from the internet, large organizations aren’t about to remove all of their data from the cloud, nor would they be able to. Besides, working within the cloud can provide substantial cost savings; for example, the government entity General Services Administration (G.S.A.) switched to a cloud-based email system in 2011; by 2013, G.S.A. was on track to save $16 million over five years as a result.
For now, the best we can do is encrypt our information before uploading it, keep personal and sensitive information on-premises as well as in the cloud, use two-step verification whenever possible, and be smart about our passwords.
Illustrations by Brian Hurst