The recent information leakage incident at Twitter should not be considered a cloud security weakness. Reading through various blogs and the description from Twitter, it looks like the real cause is the weak security practices followed by a Twitter employee.
Like many other users, I use Google Apps for various solutions, and email is one of them. So, if there is a security issue in the Google cloud, it will be a threat to my applications as well. This made me look into the details of this security incident.
The outcome of my thoughts is the following:
- You need to establish good security practices
- You need to educate your staff on password management practices
- You should have a solid password policy. I will suggest 8 alphanumeric characters and, if possible, special characters, with a 45-day expiry
Another interesting thing I saw in the Twitter blog is that the Twitter CEO's wife's account had the family's personal details and no official information. This is another key aspect to be concerned about.
There should be an email/internet usage policy that details the restrictions on using personal accounts for business use. The policy should also clearly state that personal email shall be used neither for communicating business information nor for storing it.
Remember the Sarah Palin email hacking case, where the hacker claims to have obtained government information by hacking into her personal email account.
The Twitter incident is a personal security incident and not a cloud security concern at this point.
I can have a good sleep without any nightmares about cloud security, at least for a while.