Ladies and gentlemen, please secure your belongings for takeoff and landing
To those of us who travel a lot for work (or pleasure) this is a fairly familiar phrase. It reminds me most of the moment just before takeoff and landing when I have to save my work, and turn off my phone and laptop and put it in a safe place. I never really realized what an apropos scenario it was; securing my work in a safe place just before I launch into the clouds, opening up again while soaring and closing just before touching ground. What’s most striking though is that I’m always careful to save everything I’ve got, locally, which I then sync to our main local server and up in the cloud once I have a connection again.We take security for granted in that kind of environment since we tend to be only concerned with possible corruption or loss of data. The cloud, on the other hand, has added a whole new element of concern. When WIRED news writer Mat Honan wrote about his epic hacking of data in the cloud, I was given pause to think more about scenarios that go beyond the obvious ones I’m used to talking to people about in my role as founder and CEO of a cloud file-sharing service.Once we look beyond LinkedIn and Facebook, it’s often easy for us to forget about the interconnectedness of our digital personas. The rise in acceptance of cloud-based services has meant people will sometimes have five, 10, even 20 different cloud-based services they use. Think about it, at a minimum, you probably have accounts with: Google, Yahoo, Facebook, LinkedIn, iCloud/Dropbox/Egnyte, Amazon, Hotwire, etc. And that’s just some of the basics. Those add up and create a confusing mess for the consumer.In addition, work is likely adding even more to your plate, like a CRM tool, corporate email, news services, Salesforce automation tools, you name it. Even your average worker now has upward of 15 accounts, not including any extra doodads for your specialized work or hobby. That’s a lot of your information floating around in the cloud.If we jump back to the hacking of Honan, we can see just how the hackers utilized the myriad of accounts, and the differing rules (because each system does not cooperate) to their advantage. So what to do? It seems to me that all of these cloud services need to begin speaking to each other, and more importantly, agreeing on the ways they are going to secure personal data. Advanced security features such as, Security Assertion Markup Language, Two-factor authenticaton, and Single Sign On are a good start, but we need a comprehensive industry-wide solution.My hopes are that this incident is a call to cloud providers to begin standardizing how they approach security, especially when it comes to accessing accounts and account information. Not because I want to create more bureaucracy, but because Mat’s unfortunate incident clearly points out how a lack of communication between vendors and a lack of standardization created a gaping security hole. Put your seatbacks up and tray tables in place, it’s going to be a bumpy ride, but we’ll get there in one piece.*This article originally appread in Computerworld. Click here for the original article.