You have probably seen the recent press coverage revealing that celebrity “phone selfies”, private images and personal data have been hacked and posted to various online forums, including 4chan and Reddit.
Speculation has been rife about how this happened, but common opinion seems to point to “brute force” hacking methods (such as iBrute), whereby hackers are able to continually retry password combinations until they eventually stumble across the right one. Most services including Apple’s iCloud have now added a limit to the number of password attempts, which to the dismay of the hacking community has put an end to this practice, at least for the time being.
We may never know whether the hack was specifically via iCloud or via multiple breaches. Either way the subject of data privacy and security in the cloud has raised its head again.
It is perhaps naïve to assume that consumer grade apps and backup products will always be free, always be secure or even always be there. And even if your “cloud provider” states that your data is secure in transit, can you be sure the data is actually encrypted when its gets to its (global) destination? And if it is, are you the owner of the encryption key or is there a back door into your data?
Two-factor authentication helps block unwanted access to applications, and a robust data security policy requires “that precautions are taken against the loss or damage of personal data”. This should include password policies, network security, encryption key management as well as a deliberate choice on where that data resides.
Redstor has a strong reputation for providing secure and encrypted cloud services, protecting the data of over 10000 organisations across the UK. Redstor cloud backup services store the encrypted data in the Redstor UK-only data centres. Our cloud sync and share service, Centrastor, enables organisations to store and share files and sensitive data securely from any device with an internet connection and our Centrastage service enables support providers to guarantee that devices they support are regularly audited, patched and safely up-to-date for effective endpoint management.
To find out more about our services and how we can help you comply with data protection laws and prevent data leakage, please contact us either by giving us a ring on 01189 515 200 or emailing [email protected].