Never Trust The Cloud. A Cautionary Tale.

The cloud is where it’s at, baby. That’s what big tech companies like Apple and Microsoft would like everyone to believe. Sure, there are advantages to putting your stuff in the cloud, like not losing it if your phone is lost or stolen, or your laptop hard drive crashes.

Now that one of the largest hacking scandals is playing itself in real time on the internet, it may be a good time to consider the downside of putting your stuff on the cloud. What is “the cloud,” anyway?

If you’re interested in what the cloud actually looks like, it’s safe to assume that it probably looks a lot like the accompanying photo. Despite the harmless, fluffy image that one might envision upon hearing aboutdata-center “the cloud,” it’s actually just a bunch of computers housed in some secure datacenter somewhere that have lots of storage space for all your stuff – and a few million other people.

What many people probably don’t consider – and who has time to think about this kind of thing these days? – is that when you place your stuff in the cloud, you are literally turning your stuff over to someone else to hold onto. You are trusting them to keep your stuff safe and secure. And, away from the prying eyes of hackers and other curious people.

Think of it as giving your diary to a friend to keep while you are away, and asking them to promise you that they will never open it. Or, in light of the current scandal where nude and semi-nude snaps of many A-List celebs were snatched from Apples iCloud – having them promise they they won’t lose it either.

Think about it. How many people would honor your request to keep their prying eyes away from the pages of your diary? There’s no question that the friend who agrees to hold onto the diary is going to be extraordinarily tempted to take a peek. Or two.

As for ever losing the diary, who could ever make a promise like that? Sometimes things happen. Burglaries, house fires, and the like. Granted, those are unlikely. Apple probably thought that iCloud was unlikely to be hacked, too.

While most people probably don’t give too much thought to the potential consequences of storing their personal data in the cloud, those of us with geekier pasts might be more hesitant.

During the 1980’s and 1990’s I worked for a very large computer manufacturer. I was a system administrator, which means I had the “keys” to all the computer systems I was assigned to manage. We didn’t have anything called a cloud back in those days, but not much has changed as far as data storage and security is concerned – at least not in a way that matters to the end user. In other words, people just used the systems I was in charge of and didn’t often worry about the privacy or security of their data.

There were a number of users on each system and they all went about their business of writing programs or managing their bosses calendar using the shared resources of the system. They all had their own space to store their data but were not able to access any data belonging to other users.

For myself, things were a bit different. I was able to access everyone’s data. There was no way to hide from the system administrator. Accessing other people’s data was done pretty rarely, and there were times where it was actually part if the job. At other times, not so much.

I was not a serial snooper by any means, but there were times when something that was going on at work resulted in temptation I was not able to resist. I should point out that these were all company-owned systems, and employees were given access to them only for work-related activities. The users did not have any valid ownership claim to the data they stored on those system. The company owned them and all the data that was stored on them as well. Period.

That, however, did not stop people from using the internal e-mail system to discuss all kinds of personal matters. Although I could have spent many hours sifting through countless e-mail exchanges, I can probably count the number of times I did so on my fingers. All ten of them. Still, I held back almost always because it just didn’t feel right.

The times I did wander to the dark side and sift through someone’s e-mail was done to gather information about something going on in the office that affected me. I remember one particular instance when a fellow I especially disliked reported me to my boss for not handling his request for technical support the way he wanted. He made it clear to me he was not happy, and I didn’t respond the way he expected, so I thought he might report me. I accessed my bosses e-mail and found a message from the guy informing my boss that I was “out of line.”

My boss never even mentioned it. Probably because the guy who complained about me was disliked by almost everyone in the office. My boss was also a man who disliked confrontation, and that probably helped. To this day I still chuckle when I think about that guy who thought he would get results by sending e-mail to my boss who never even brought it up.

On another occasion, it was office politics that drove me to access data that was part of an application that was used by managers at review time. Contained therein was aboard-meetingll of the information on pay raises and the salary history of every person in the office. Was that ever an eye-opener! It changed the way I looked at “working for the man” forever, and is a big part of the reason I no longer do.

As I mentioned earlier, on a fundamental level, the way data is stored and secured has not changed much since the 1990’s. It’s still a challenge to lock things down and keep everyone’s data secure. And that’s just keeping it secure from other users on the same system (or cloud) or from the relentless hackers who may try to gain unauthorized access to the system. The system administrators are an entirely different story. They need unrestricted access to everything on the system in order to do their job.

I don’t know if system administrators are subject to more oversight or have all their activities logged nowadays. Even so, a clever system administrator probably knows how to work around that stuff.

Think about it for a minute. All of these cloud systems absolutely require someone to manage them. Do you think a system administrator that has access to a cloud server where some of the most famous people in the world store their stuff isn’t tempted to have a peek?

Hackers are a risk just about everyone is aware of, but many people probably don’t consider the possibility of the other people you are handing your stuff over to and expecting it to stay private. My experience tells me that nothing like that is private, and I won’t even get into the whole NSA thing.

Big corporations offering cloud storage services use words like “safe” and “secure” to promote their products. Your data may be safe from the prying eyes of just about everyone on the planet, but don’t forget that there are a small number of people who will always have access to all of it. Do you really trust them with some of the most personal and intimate details of your life?

I realize many of you will say “yes.” That’s fine. All I want to do is make people aware of the risk. Having spent time on the other side, I know how easy it is to sift through someone else’s personal information. Would you be the friend that would keep your promise to leave your friend’s diary closed?






Leave a Reply