Friday, August 17, 2012

Be careful how you use "The Cloud" and keep making your own backups; a Wired writer's story

Security pundits have been discussing the massive hack on Wired writer Mat Honan’s digital world, starting with Twitter but mainly focused on his life in Apple’s meso-thunderstorm clouds.

It’s pretty clear that there is a risk in “overdoing it” in linking all of one’s devices and being able to automatically repopulate them from the Cloud.

Actually, the whole situation reminds me of the old mainframe work environment in the 80s and early 90s. You had your own Roscoe libraries, but there were secured procedures to promote source to various test, QA, and production libraries, and these were controlled by TSO. Once companies started using client-server systems or LANs, PCs typically had their own local drives and then virtual network drives, with shared data, “clouds” with respect to the organization.

A home user of a “cloud” service would logically want only certain portions (like logical “drives”) of his or her PC repopulated automatically. I can certainly understand the benefits of automatic syncing. For example, if you travel a lot and take a smaller airbook or netbook with you, all the data would be there with you on the plane – nice for cross-country or oceanic flights, especially if you frequent faraway places like China (and you’re editing a novel). If your iPod gets synced, you can always play any of your music on a home stereo through the iPod dock on your receiver.

A sensible security procedure would be for the Cloud service provider (Apple in this case) to require Google-style two-step verification before altering anything on your hard drive.

Honan discusses the holes in Apple’s procedure, requiring only credit-card-last-four, mobile phone number, a billing address, and an email address (and the last three are easy to get from most personal websites).  Certainly two-step ought to be there.

There’s one more catch with the Cloud service that Honan didn’t mention: you need OS Lion or later. I have OS X 10.6.8 on my 2011 MacBook, which is already too “old”. An upgrade would be a big project, and I’d have to check if it would affect my Sibelius (music composing) application.

I’ve been used to making and keeping physical floppies and now thumb drive backups of my stuff for decades. I have more than one drive, and they are kept in various locations (at least one is kept in a safe deposit box at a bank and updated every few months -- rather like PM visits to the dentist!). It’s getting easier as thumb drives get “bigger” in storage. I do use Carbonite on two machines, although, as these are Cloud backups, they would need more beefing up (I would suggest that Carbonite implement a two-step system, too, as should other companies, like Mozy and Webroot, that offer backups).

One would also recommend that users consider making optical media (CD) backups as well as thumb drives. I’ve never heard of data loss due to an electromagnetic pulse attack (EMP – which could conceivably be localized -- or maybe even a severe solar storm), but there is (as the popular song says) always “a first time”.

The Aug. 6 story on Wired (which has a follow-up on Aug. 13, where Honan explains how he rescued most of his data) is here

1 comment:

Anonymous said...

I have been skeptical of the security and reliability of the "CLOUD" since it became a popular resource several years ago.
I have GBs of unused storage, through several memberships and security software packages. I still rely on (multiple) external hard-drives and flash drives.