It's very easy, after reading "The Snappening" Snapchat security breach news, to conclude that fault lies with users. It would be very easy and convenient to blame the leak not on the leakers, but on the users who sent sexually explicit materials to friends, lovers and strangers. This conclusion is easy to draw, yet it only skims the surface of the true issue at hand.
Whatever you think of the materials leaked, the larger issue at play in "The Snappening" is how the public relates to, understands and uses public Internet architectures. If anything, "The Snappening" should serve as a call for greater public education in Internet security practices.
In this version of "How the Internet Works" we cover public Cloud architectures and the need for better education in Internet security practices.
Part of the confusion around cloud security stems from how the public has been sold Cloud Computing technologies. The vast majority of cloud marketing efforts stick with marketing the "Cloud" as a general tech service without explaining the various layers and infrastructures of cloud technology. In a previous article, I touched on how the layers of the cloud - PaaS, SaaS and IaaS - work; however, I didn't touch on the difference between the public cloud, the private cloud and the hybrid cloud.
So, first things first: there are three major "flavors" of the Cloud: the public, the private and the hybrid.
The Public Cloud
As the name suggests, the public cloud is web architecture which focuses on mass level applications and communications tools all stored and recalled from "public" cloud servers. These servers, housed in a data center, are public in the sense that they store data from millions of people and millions of connections. By its nature, the public cloud is more susceptible to hacks, leaks and security flaws than a private solution.
A few examples of public cloud applications are Facebook, Twitter, Snapchat, Gmail, Hotmail etc. The app data is accessed via a publicly accessible web server wherein application data and user data (device type, personal input data) are sent back and forth between origin and user.
The Private Cloud
As the name suggests, the private cloud is web architecture which is deployed behind more stringent firewall regulations. For a company using a private cloud deployment, the architecture is deployed behind the corporate firewall in an effort to avoid any leaks or security flaws. A private cloud, much like a public architecture, is accessible via multiple devices with access to the Internet; however, unlike the public cloud, access to private architecture requires blocked encryption via secure tunneling protocols (more commonly known as VPN - Virtual Private Networks), organizational security device controls and encrypted password trust certificates.
The effort to secure a private cloud network is made to ensure data security/software security against outside attempts. This isn't to say private architecture cannot be breached. It can. However, breaching a private network requires smarter work on behalf of hackers.
The Hybrid Cloud
As the name suggests, the hybrid cloud is a joint architecture between public and private deployments. Typically utilized by corporations that develop public-facing software (public cloud) while storing that data behind gated firewalls (private cloud), the hybrid option allows flexibility of data management, location of data storage and more granular control over data access via firewall encryption methods.
Quick Summary: There are three types of cloud architecture: public, private and hybrid. The major issue at play in "The Snappening" revolves around the public's understanding of the public cloud - not the private or hybrid architectures.
To understand why public cloud applications like Snapchat are so vulnerable to hacking, you first need to understand the scope of applications, the amount of traffic certain applications draw and how public infrastructure becomes porous.
One of the major reasons the public cloud is so exposed to hacking attempts is the nature of how it is deployed and what it is deployed for.
Think about it for a second: the public cloud works by deploying applications, programs and hardware in a public data center which is then accessible to millions/billions of devices by way of the Internet. To accommodate all devices and the sheer volume of incoming/outgoing traffic, public cloud architecture has to be set up to accept the widest possible set of access points. This means it has to accommodate traffic coming from different mobile devices and different stationary computer devices, all the while trying to root out any potentially dangerous traffic carrying phishing attacks and the like.
The scenario is akin to an open border wherein border agents are trying to root out singular threats amongst a crowd of millions. Something negative is eventually going to slip through for the sole reason that, if the system were set up otherwise, millions of friendly traffic inquiries would never be allowed in. The problem is rooted in essential infrastructure architecture.
To get a better idea of traffic volume, on New Year's Eve 2013, Snapchat accounted for 12% of all Internet traffic in North America. Let's say that again: on New Year's Eve 2013, Snapchat accounted for 12% of all North American Internet traffic. That's massive.
It should come as no surprise, then, that a SINGLE network which has the ability to draw 12% of the total North American Internet traffic on a single night can be hacked in a single attempt, if not several. Talk about a needle in a haystack. It's a veritable network security nightmare.
All this said, what can we do about it? With millions of Snapchat accounts hacked and private photos floating around online, what can the public do about it?
The biggest issue at hand here is how the market interacts with the "Cloud", i.e. public cloud architecture. As such:
The first major fix needed is to bring the architecture difference to the market. That means explaining how public, private and hybrid deployments operate and emphasizing that most consumer applications are routed through public - less secure - infrastructure. The public needs to understand not only the application(s) they are using, but the network that application functions on and the security concerns that infrastructure carries with it.
The second major fix is to change the relationship that users have with applications and devices. This is to say, the perception that a photo taken on their phone, their tablet or their webcam is safe needs to change. Internally stored hard drives are susceptible to hacking and security compromises. Moreover, the perception that public applications, like Gmail and Snapchat, provide firewall access and secured data transit avenues needs to change. The perception instead should be that all public applications carried via public architectures are unsafe and prone to mishaps. Furthermore, users shouldn't think their local hard drives are safe either. With connected devices, the device hard drive is accessible via various techniques and can be breached/siphoned off.
The last major fix is to understand the type of content users share and how that content, if compromised in the future, can affect their public persona. This article opened with the much fought against notion that the victims of hacking should know better: that, in effect, because victims shared lurid content in the first place, they are culpable for its eventual theft. This notion is absurd; however, the idea hits on a major point: in the light of day, content type matters.
To fully appreciate public cloud application vulnerability, the type of content shared must first be vetted for how that content reflects on the user. Don't mistake my meaning: the victim isn't at fault for leaked photos/videos, yet the victim should think about how the content reflects on their public persona. If the content isn't something you want out there, it might be worth not sending it over public cloud networks for the sole reason that it is vulnerable to theft.
Part one of "How the Internet Works: TCP/IP, Trace Routes and Hops"