Enhance protective measures for cloud technology, expert urges

PUBLISHED : Monday, 20 August, 2012, 12:00am
UPDATED : Monday, 20 August, 2012, 5:32am

Security breaches in "cloud technology" - hailed as a sturdy and inexpensive storage and network solution - have prompted a local expert to urge users to step up protective measures for files stored in remote data banks.

"Occasional incidents have shown that internet users cannot entirely rely on service providers to safeguard their data," said Patrick Lee Pak-ching, assistant professor of computer science and engineering at Chinese University.

The so-called "cloud technology" allows internet users to keep large amounts of data and software with third parties, rather than keep them on their own computers. The technology has gained global popularity as it offers a convenient way for people to keep their digital photos and videos online.

On July 31, online storage service provider Dropbox said that a stolen password was used to access an employee's account. That led to the illegal download of a "project document" that contains users' e-mail addresses.

"We can never guarantee the services are 100 per cent safe from malicious attacks," Lee said. "Since the number of users is large, a single incident can indeed affect a lot of people, even though it may only involve a small portion of all the users."

Dropbox says it has adopted the same encryption standard used by banks to secure the data of more than 50 million users.

Its users currently use data-access passwords that are encrypted by third parties such as Dropbox, iCloud or Google Drive.

Instead of relying on cloud service providers, one of the few ways for users to protect their data was to encrypt their data themselves, Lee said.

"The easiest way to encrypt a file is to zip it - through which you can set your own password," he said. Small and medium-sized firms that are unable to afford their own large servers were more vulnerable to losses when attacks, as well as power outages, occurred, Lee said.

"Natural disasters, such as earthquakes, can lead to a shutdown of data centres - which may cause permanent loss of data," Lee said. "Also, lawsuits and loss of revenues will occur if confidential data are leaked."

Firms could use both public and private cloud technology services to meet their needs, Lee added.

The confidential data of companies should be kept within their private servers which only they can access, he said.