Leaked Documents, Unintended Access: That's Also Life In The Cloud - InformationWeek
IoT
IoT
Government // Mobile & Wireless
Commentary
8/29/2008
09:17 AM
Commentary
Commentary
Commentary
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Leaked Documents, Unintended Access: That's Also Life In The Cloud

Running a business in the cloud, or even part of a business, is great for so many reasons: It's cheap (sometimes free), incredibly convenient, and simple. But life on your private little cloud can get unintentionally, and unknowingly, crowded with extra eyes if you're not very careful.

Running a business in the cloud, or even part of a business, is great for so many reasons: It's cheap (sometimes free), incredibly convenient, and simple. But life on your private little cloud can get unintentionally, and unknowingly, crowded with extra eyes if you're not very careful.I am the first to praise many aspects of a business run on the Web. Google Docs was there for me when I needed it most -- my laptop was out of service for a few days.

But the harsh reality of life in the cloud is beginning to become clear to growing businesses  anyone dependent on Microsoft's Office Live Small Business or even Gmail found that out the hard ways these past few weeks.

And now The New York Times' Bits blogger David Gallagher has a story that should give any growing business pause.

It seems that an invitation to collaborate on a Google Docs spreadsheet was inadvertently sent to him (apparently instead of Deirdre Gallagher) by Community Newspaper Holdings Inc. This is what he had access to:

"Waiting for me there were live Web traffic reports for a whopping 130 sites, most of them belonging to heartland newspapers like The Muskogee (Oklahoma) Phoenix, The Oskaloosa (Iowa) Herald and The Shelbyville (Illinois) Daily Union. All of these are part of Community Newspaper Holdings Inc. (CNHI), a company based in Birmingham, Ala., that owns more than 90 daily papers around the country."

So, by accident, some employee handed Gallaher "the keys to a chunk of CNHIs Web kingdom, including the detailed financial terms for scores of Web advertising deals." Scary stuff.

Someone at the company eventually rescinded his sharing privileges but Gallagher could have done a lot more damage than just an incriminating blog.

As he notes: "There was a time when it would have taken a fair amount of criminal activity to get access to this much information about a company's internal workings and Web site performance. Now an employee can accidentally drop it into the lap of a random outsider without even knowing that anything is amiss. That's the power of cloud computing at work."

A reading of the comments to this post indicates that this has happened to other people. Many commenters note that Gmail doesn't recognize a period in an e-mail address. Others note that just carelessness on the part of e-mailers has given them access to information they shouldn't have. A few commenters insist that this is an e-mail problem, not a cloud problem to which Gallagher responds: "Not only could I read the spreadsheets, I could also monitor updates to them over time through handy e-mail alerts, and even edit them myself, which could have led to some real mischief if I was the mischievous type. I was essentially part of the team. This is not something that would have been possible before Google Docs."

The most helpful of the commenters recommend that anyone with information they want to protect should opt for Google App's enterprise service which has a lockdown feature that would prevent something like this from happening. It's not free like Google Docs but in some cases, you get what you pay for.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll