Managing information security amid new threats: A guide for CIOs
We've all heard about the hundreds of nude photos and videos of high-profile celebrities leaked en masse last weekend.
The news has led many security experts and Hollywood elite alike to pontificate on Apple iCloud's culpability in this leak.
Apple has denied that the leak was a result of a breach in its iCloud storage service, saying that it was instead a "phishing" hack of individual accounts. But that hasn't stopped the spate of headlines painting Apple iCloud with the same broad brush applied to the hacker who invaded the privacy of these celebrities. And those sensational headlines have a point.
Apple's efforts to ensure the privacy of its users haven't exactly been Herculean. While the company has offered two-factor authentication in most of its cloud services, its Find My iPhone application wasn't enabled with that extra safeguard -- a vulnerability Apple has known about for months.
Finger-pointing aside, there is a message for CIOs and their IT staffs in this privacy breach, and it isn't about who's to blame, said Kevin Paul Scott, co-founder of brand and experience consultancy ADDO Worldwide, and author of Eight Essential Exchanges. The cloud culture needs to change for all parties concerned. Big enterprise companies need to "hold the big vendors' feet to the fire" on protecting data -- and boycott vendors who don't, according to Scott.
"It will take companies, especially the bigger ones that have large purchasing power, to say, 'If you don't get this fixed, we will not use your products and services,'" Scott said.
The iCloud hack should also prod IT organizations and all the powers that be in the company (including the board of directors) to be more cognizant of what data, both personal and corporate, their employees are uploading to iCloud and other services. But even more important, this high-profile violation of privacy should also drive home to employees that privacy is a privilege that no one who uses mobile and cloud technology can take for granted. Users have been "lulled into a false sense of security and have become really lax" with information they upload to the cloud and put on their mobile devices, Scott said.
IT managers should strike while the outrage is hot and use the celebrity nude photos as a means to communicate to employees the importance of information security in the digital age. It won't be easy, because the measures to safeguard privacy are viewed by users as a hindrance, not an asset, and therefore ignored. "As [IT creates] more complicated passwords, [employees] are becoming more lax in how they safeguard their personal information," Scott said.
So how should IT go about selling good security hygiene habits to users -- other than clucking over the exposure of celebrities' private selfies? Scott's advice is to communicate like a salesperson. "People in technology a lot of times don't communicate the same way that a sales team would," Scott explained. "When you're casting vision internally, you have to connect the things that you're asking employees to do with something bigger." Essentially, IT should take a page from internal sales and "inspire" employees and illuminate the reasoning, not just the prescription, behind security initiatives.
"In this day and age, internal corporate communications is going to be as vital to IT departments as the greater technology strategy as a whole," he said. "It's not enough to have the smartest guys or the best strategy if they can't communicate it internally."
CIO news roundup for week of Sep. 1
More tech happenings as we kick off the fall (and fantasy football) season:
- In more data security news, if the Apple hack isn't enough for you, security analyst Brian Krebs was first to report that Home Depot suffered a massive breach -- one that could be larger than the Target hack.
- Perhaps in response to Apple's pending iPhone 6 announcement, Samsung unveiled the Galaxy Note Edge, which features the same large screen as its predecessor, but also touts a second curved touchscreen.
- Verizon paid the U.S. Treasury a hefty fine of $7.4 million because it failed to notify 2 million landline phone customers of their privacy rights. According to an FCC investigation, these violations began in January -- of 2006.
- Northwestern University scientists have made the startling discovery that shining a laser on a tumbling molecule can cool it down until it stops moving. Are super-fast quantum computers from Google next?
- Cortana could help you out with your fantasy draft. Microsoft's mobile assistant had a pretty good run predicting the knockout round of the World Cup, thanks to a twist in its prediction engine.
- The catered lunches and other edible perks many Silicon Valley workers feast on for free might soon come at a price. The IRS is saying these freebies should be taxable fringe benefits.