Are cloud services secure enough for corporate use? It's a question bankers have pondered for at least a decade and Apple's iCloud breach illustrates both the pros and cons.
Apple has said its servers were not breached, and many have speculated that iCloud fell victim to a "brute force" attack in which software tries to guess users' passwords, trying thousands of possibilities until it stumbles on the right one. Many websites automatically block login attempts after three tries, which would thwart such an attack.
"The question should be, should we have sites that require passwords? Should people use ecommerce at all? Should we do mobile banking?" Gupta said. "We accept that it's a fallacy to even think that's a possibility, to not do mobile banking." Similarly, companies need the cloud; in this day and age it's impossible to create a hermetically sealed environment, he argues.
James Gordon, the chief information officer at Needham Bank in Massachusetts, takes a middle-of-the-road attitude toward cloud computing. "Anyone that says anything is 100% secure is telling a lie; look no further than the breach of security provider RSA or the issue with the NSA and Snowden," he said.
Financial institutions should conduct risk assessments of cloud services and make sure they adhere to their policies and procedures. "Banks should determine the value of the data, then make sure appropriate controls are in place, both physical and virtual controls," Gordon said. These would include requiring users to create strong passwords and making sure an account locks out after several invalid login attempts.