An apparent hack of cloud storage sites that caused a slew of nude images of female celebrities to hit the Internet over the weekend should serve as a wake-up call for the public and for enterprises to be more cautious with the information they store on the cloud.
"This is a great example of what can go wrong with the cloud," said Jeff Kagan, an independent industry analyst. "I don't know if this will make people or enterprises more hesitant about the cloud, but it will make them more careful, and that's good. That's how we learn. We learn not to touch the hot stove when someone else gets burned."
Over the weekend, stories emerged about about nude photos of model Kate Upton and actresses like Mary E. Winstead and Oscar-winner Jennifer Lawrence appearing online. Some of the photos appear to be authentic. Others do not.
The FBI and Apple both told the NBC News that they're investigating what appears to be hacked iCloud accounts. Apple's cloud-based service is used to store photos, music and videos from Apple devices.
According to a report in the Wall Street Journal, Apple said it is investigating reports that hackers exploited vulnerabilities in its cloud service.
A scandal involving cloud security that receives attention in mainstream media could give pause to IT and business executives who have been moving toward the cloud. Some companies already are nervous about reliability and security, and headlines about a cloud hack and privacy breach could add to those concerns and slow cloud adoption.
Dan Olds, an analyst with The Gabriel Consulting Group, said the reported hack is not good news for cloud computing.
"While some people might think that this is just celebrity chasing, consider that the guy who revealed all of this stuff didn't make any money on it," said Olds. "Wouldn't someone who was motivated to make money have even more motivation to steal trade secrets and things like that?"
A hacker going after an enterprise would be more motivated and might work harder, he said.
"What happens when true professionals start taking a run at data stored in the cloud?" Olds asked. "I would think that all of this would give potential corporate and government customers pause."
However, what enterprise executives need to remember is that the cloud is not inherently less secure than any other IT deployment methods, said Allan Krans, an analyst with Technology Business Research. Individual users' cloud accounts aren't given the same security measures that companies require of their own deployments, he said.
"There are security, password, and identity management issues with all types of IT systems that can and have been hacked," Krans said. "I think this type of personal backup service is more inherently unsecure due to the type of access allowed. It is not centrally managed by an organization, but by a number of individuals who require frequent and easy access, which creates more security gaps that can be exploited."
Users who apply the same password for various services and want quick and easy access to their cloud accounts don't set up the same security levels that enterprises require.
Kagan noted that this celebrity hack should serve as a wake-up call for users to be more careful and for cloud makers to build more secure cloud spaces.
"We don't know in this case whether the weak link was with the cloud itself, or with the user -- like with a weak password or no password," he added. "There are so many ways to break into the cloud and users simply are not aware there is a risk. "
Patrick Moorhead, an analyst with Moor Insights & Strategy, said the problem isn't necessarily with Apple's iCloud service.
"It's possible that a cloud service was hacked, but not probable," he said. "It's more than likely an intrusion came through compromising a PC, stolen phone or phone app passwords, or a rogue phone app."
If it turns out that the hack stemmed from a flaw in cloud security, individual users and enterprises may be pushed to boost their own cloud security.
"If a cloud service was hacked, enterprises will be more hesitant about using the cloud," said Moorhead. "But in many ways, the cloud is safer than on-premises IT as clouds can afford the latest and greatest in security techniques… Enterprises need to assure that a few things are in place. It's important that all data is encrypted everywhere in the workflow, including the client device, network and the server. It's also important to limit certain data from administrators, who may have access to account information or unencrypted data."
Other analysts said that enterprises need to conduct their own penetration testing and should not treat all workloads and data the same. Some data and applications will need tighter security than others and IT departments should make sure they get it.
Companies also should start a cloud deployment by using less sensitive data first, and then working up to more confidential data based based on what they learn.
Companies, and individuals, need to focus more on security when storing information in the cloud, Kagan said.
"We must focus more on security and protecting our private data," he said. "That just makes sense. Companies need to raise security to the top of the page… I would expect we will start to see some [cloud service] companies use security as a marketing tactic."
This story, "Celebrity nude photos scandal a wake-up call for cloud users " was originally published by Computerworld.