That data, actually OUR data, in the Cloud

Nowadays, the Cloud is everywhere. For most users, this technology is assimilated to some sort of a digital extension of their technology-related hardware. If from a technical standpoint the Cloud is not a revolution but a mere evolution of online services, the Cloud nonetheless changes the relationship between us, as users, our computer equipment, our data and our Internet Service Provider (ISP).
 
Date 2016-03-30 Author Luxembourg Safer Internet Centre
picture
The Cloud allows users to access a single internet-based service using several types of IT equipment such as computers, smartphones, or any connected device. It includes all the features that often manage our photos, videos, documents, and more generally all the data that make up our online life. However, one thing is clear: the Cloud is made of online services crunching our data and running on computers belonging to someone else.
 
But there is something important to remember: the data belongs to us. Third parties can only do with our data what we authorise them to do.
 
As a unique gateway to our data, it is our responsibility to secure our Cloud. The usual best practices also apply in the field of general public use of information technology. Passwords must be long and non-obvious - use a complete sentence and add special characters, therefore evolve from a password approach to a passphrase. And of course, never use the same password for multiple accounts. Most of the Cloud services also offer two-factor authentication: it provides a better level of safety, since it relies on other devices such as our mobile phone for all transactions done on our accounts (such as, but not limited to, changing a password). Most of the public Cloud services provide this option.
 
The biggest change brought by the Cloud and the related massive widespread adoption of web services by the general public is a shift from technical security to legal security.
 
None of us read the terms of use. But would we buy an external hard drive for doing backups on our computer if it was clearly stated that the hard drive might stop working for any reason and we accept, by using it, a complete lack of warranty? Would we buy a picture camera which grants the company creating the camera a right to reproduce and commercialise, for any reasons and by any means, our own pictures? Would we use the services of a Post Office which would allow itself to read all of our mails and deliver, in return, targeted advertising?
 
Such clauses are unfortunately fairly popular in the Cloud. "I have read and accept the terms of use" is most probably one of the biggest lies on the internet. The core issue is the fact that people completely underestimate the impact and related consequences of such contracts.
 
Threats to our data
One should, as much as possible, restrict use of the Cloud to actual needs. Ask yourself: do you really need to activate all the services (shared credit card numbers, shared passwords, shared browsing history…)? Be aware that all Cloud services depend on the sustainability and goodwill of a supplier. Services might change over time. Also, on certain Cloud services, we may grant our provider the right to use our documents and data content. This option is specified in the terms and conditions, which we should read. Seriously. Read them and understand their terms.
 
As for shopping in the Cloud, available products are often limited to a right of use linked to a specific platform. These products can be impacted by some Digital Rights Management systems that may limit or even prevent us from using the goods as we please.
 
Finally, the technical architecture of the Cloud impacts all our data: (1) we cannot really be sure that your data is destroyed, (2) we cannot know for sure who can access our data, and (3) we cannot know what is done to our connection and usage data (advertising, profiling, etc.). We should keep this in mind next time we intend to get any goodie set among the Internet of Things (IoT) - always uploading data to the Cloud… and the galaxy.
 
Today we can work, play, socialise and watch photos or videos in the Cloud. Even if there are risks, the Cloud remains very useful for those who have multiple internet-connected devices. But, like any tools, great potential comes with great responsibility.
 
Clever Cloud User is the campaign held by BEE SECURE in Luxembourg, coordinated jointly by securitymadein.lu, the Service National de la Jeunesse (snj.lu) and KannerJugendTelefon (kjt.lu), and co-funded by the European Union.
 
 
Article written by Dr Matthieu Farcot and Emilie Muller, securitymadein.lu, for BEE SECURE.
 
 

Related news