Leaked Documents, Unintended Access: That's Also Life In The Cloud
Running a business in the cloud, or even part of a business, is great for so many reasons: It's cheap (sometimes free), incredibly convenient, and simple. But life on your private little cloud can get unintentionally, and unknowingly, crowded with extra eyes if you're not very careful.
Running a business in the cloud, or even part of a business, is great for so many reasons: It's cheap (sometimes free), incredibly convenient, and simple. But life on your private little cloud can get unintentionally, and unknowingly, crowded with extra eyes if you're not very careful.I am the first to praise many aspects of a business run on the Web. Google Docs was there for me when I needed it most -- my laptop was out of service for a few days.
But the harsh reality of life in the cloud is beginning to become clear to growing businesses ï¿¼ anyone dependent on Microsoft's Office Live Small Business or even Gmail found that out the hard ways these past few weeks.
It seems that an invitation to collaborate on a Google Docs spreadsheet was inadvertently sent to him (apparently instead of Deirdre Gallagher) by Community Newspaper Holdings Inc. This is what he had access to:
"Waiting for me there were live Web traffic reports for a whopping 130 sites, most of them belonging to heartland newspapers like The Muskogee (Oklahoma) Phoenix, The Oskaloosa (Iowa) Herald and The Shelbyville (Illinois) Daily Union. All of these are part of Community Newspaper Holdings Inc. (CNHI), a company based in Birmingham, Ala., that owns more than 90 daily papers around the country."
So, by accident, some employee handed Gallaher "the keys to a chunk of CNHIï¿¼s Web kingdom, including the detailed financial terms for scores of Web advertising deals."
Someone at the company eventually rescinded his sharing privileges but Gallagher could have done a lot more damage than just an incriminating blog.
As he notes: "There was a time when it would have taken a fair amount of criminal activity to get access to this much information about a company's internal workings and Web site performance. Now an employee can accidentally drop it into the lap of a random outsider without even knowing that anything is amiss. That's the power of cloud computing at work."
A reading of the comments to this post indicates that this has happened to other people. Many commenters note that Gmail doesn't recognize a period in an e-mail address. Others note that just carelessness on the part of e-mailers has given them access to information they shouldn't have. A few commenters insist that this is an e-mail problem, not a cloud problem to which Gallagher responds:
"Not only could I read the spreadsheets, I could also monitor updates to them over time through handy e-mail alerts, and even edit them myself, which could have led to some real mischief if I was the mischievous type. I was essentially part of the team. This is not something that would have been possible before Google Docs."
The most helpful of the commenters recommend that anyone with information they want to protect should opt for Google App's enterprise service which has a lockdown feature that would prevent something like this from happening. It's not free like Google Docs but in some cases, you get what you pay for.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.