720-891-1663

The Risk of Using Cloud Apps

I have been tempted, from time to time, to use cloud apps to do things like convert PDFs to Word documents or reformat videos and the like. To date, I have successfully resisted that urge.

Apparently, there is some merit to that restraint.

That does not mean that the cloud is evil.

What it does mean is that you have to do your due diligence. That part is hard, although we can help with that and make your lift a lot lighter.

Okay, so what happened? This is the case of some online PDF conversion apps. People sometimes have documents in some format and need to convert it to a PDF. While this may seem simple to us techno-weenies, it is not so easy for mere mortal. Hence, they resort to Google and some unknown and unvetted cloud software.

Let me take a side turn here for a minute. Some CIOs will say that we don’t have to worry about that; our employees can’t install software.

To that I say “THAT IS THE WHOLE POINT OF CLOUD APPS – THERE IS NO SOFTWARE TO INSTALL”. Likely, this means that your assumptive controls are, to be rude, completely meaningless.

End of the side turn. In this case two online PDF making applications, PDF Pro and Help PDF, which seem to be operated by the same legal entity, stored the documents that their customers uploaded in an S3 blob, which, shockingly, was not even protected with a stinking password.

Researchers found around 90,000 documents in this bucket including passports, driver’s licenses, certificates, contracts and other documents.

All available for the taking with not even a password to stop them.

Worse yet, the researchers attempted, multiple times, to contact the company and they ignored them.

For the average user, it is difficult to impossible to figure out whether any given [FREE] cloud application is safe. Or, even for the paid ones. For businesses with the resources to hire a company like ours, they can improve the odds dramatically. If they choose to do so and enforce it.

“With access to personal documents, criminals can engage in various fraudulent activities such as applying for loans, renting properties, or purchasing expensive items using the victim’s identity,” researchers said.

Attackers can utilize the leaked documents to impersonate individuals and open bank accounts, apply for credit cards, or conduct other financial transactions in the victim’s name.

Unfortunately, it is a matter of pay me now (to review the software) or pay me later (to mitigate the breach). The former is definitely less expensive.

Credit: Cybernews

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *