How To Protect Yourself Against The Shortcomings Of Cloud Providers

There are two sides to this: Firms offering services need those services to be trustworthy. They need to build security in, fix the vulnerabilities they find, and have a broad view towards where risks can come from.

The means of building secure software are well known, so it’s a matter of diligently applying techniques like architecture review, design review, code review and so on. Regular people have no insight into how secure a firm or its service is, and thus must make the assumption that it is not as secure as they would like.

Protect yourself

Users must protect themselves against the shortcomings of their providers. This boils down to a few straightforward tips, as described by Paco Hope, principal consultant at software and application specialist, Cigital.

1.  Password diversity

Don’t use the same password for two things. If you must reuse passwords, use as many different passwords as you can manage. Never use the same password for two important things (work, Amazon, iTunes, Google, PayPal, etc.). People who do this successfully use password managers. 1Password, KeePass, LastPass, PasswordWallet and others are all good alternatives.

2.  Rummage through the settings

Virtually every software package, online service, or mobile app has a bunch of settings. Most defaults are insecure (e.g. send your backups to the cloud, don’t encrypt them on your PC). Many defaults opt you into things you’re better off opted out of: marketing, data collection, synchronising all your contacts with some web service that will sell them, etc. The more you distribute your information across services and allow services to interact with each other, the more a breach at one of them can affect you at the others.

3.  Check your authorisations sometimes

You can use your Facebook, Twitter, LinkedIn and Google accounts to grant access to sites, apps, and services. Sometimes authorising an online comment form might grant the site the authority to post a tweet or status update as you. If that service is compromised, an attacker might get the ability to use your account to send links to your friends and followers. Every service offers the ability to review the sites and apps you have authorised and remove a few from the list if you want to. It’s always possible to reauthorise them if you need to, so be aggressive and pare the list down once in a while.

For online services, established methods for handling passwords securely are well known. However, it is not as simple as “salt some hashes”, the way developers might expect. The OWASP Password Storage Cheat Sheet is the definitive free guidance on doing this right for software developers. Disclosing breaches to users is also very important. If they don’t know, how can they protect themselves?
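To illustrate why “salt some hashes” is not enough, here is an added Python example (not code from the article or from OWASP). It stores passwords with the standard library's scrypt, keeps the scheme and cost in each record, and flags legacy salted SHA-256 records for upgrade. The record format, function names and cost values are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

# Illustrative scrypt cost (assumption): take current values from the cheat sheet.
CURRENT = (2**14, 8, 1)      # n, r, p
MAXMEM = 64 * 1024 * 1024    # memory ceiling handed to scrypt


def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def scrypt_key(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)


def legacy_salted_sha256(password: str, salt: bytes) -> str:
    """'Salt some hashes': unique per user, yet each guess costs one fast hash."""
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return f"sha256${b64(salt)}${b64(digest)}"


def hash_password(password: str) -> str:
    """Keep scheme, cost and salt beside the hash so the cost can be raised later."""
    n, r, p = CURRENT
    salt = os.urandom(16)  # fresh random salt for every stored password
    return f"scrypt${n}${r}${p}${b64(salt)}${b64(scrypt_key(password, salt, n, r, p))}"


def verify_password(password: str, record: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash); malformed records never match."""
    try:
        scheme, *fields = record.split("$")
        raw = [base64.b64decode(f, validate=True) for f in fields[-2:]]
        if scheme == "sha256" and len(fields) == 2:
            digest = hashlib.sha256(raw[0] + password.encode("utf-8")).digest()
            ok = hmac.compare_digest(digest, raw[1])
            return ok, ok  # a matching legacy record is flagged for re-hashing
        if scheme == "scrypt" and len(fields) == 5:
            n, r, p = (int(x) for x in fields[:3])
            ok = hmac.compare_digest(scrypt_key(password, raw[0], n, r, p), raw[1])
            return ok, ok and (n, r, p) != CURRENT
    except (ValueError, TypeError, OverflowError):
        pass
    return False, False
```

When `needs_rehash` is true, the login handler would call `hash_password` on the password it has just verified and overwrite the stored record.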


Duncan MacRae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
