Posted April 25, 2018
The biggest marketing coup I’ve ever seen is the ‘cloud’: somehow people were convinced that storing their data on somebody else’s computer was as benign as a ball of sky-fluff. That’s what the Swedish transport authority thought in 2015 when it outsourced all of its data to IBM. But after the agency’s head was dismissed and fined half a month’s salary in 2017, the reality of the matter came to light: IBM workers in the Czech Republic and Serbia had access to all the agency’s data without passing necessary security clearance. That meant that all sorts of data was up for grabs, including the personal information of fighter pilots, those on the police register, secret agency personnel, witness protection program participants, and the details of all government vehicles.
Quite a screw up, huh? During this episode we used the Swedish slip-up as a cautionary case against the cloud. It’s not that the cloud is a terrible idea – we also use it for certain tasks - but it needs to be approached with a critical mind-set. Ask yourself key questions: why do I need the cloud in the first place? Do these benefits outweigh the risk of using somebody else’s computer? If you think it is, look for some key indicators of trust, such as the cloud provider’s policy on encryption, their business model, and their reputation amongst consumers.
There are also some ways to take cloud security into your own hands. This includes the awesome Cryptomator, an app that seamlessly encrypts your cloud storage files (e.g. Dropbox files) as you work on them, and making your own cloud using a NAS. But if you want to really know how to navigate the cloud, have a listen to the podcast.
Credit to Rick Falkvinge at Private Internet Access, who helped publicise the story back in 2017.