Monday, August 15, 2011

Office 365 and Google's cloud services could be reducing the security of an organisations information.

A number of years ago I was asked to quote on a some work for a company offering security services to a major company. Through our discussions I was quite surprised the email address was the same address used by the user to remotely access their computer services. In fact they were very proud of their systems and the ability to log in from anywhere in the world. To me I felt this was a significant exposure. With the email address known publicly the only piece of information required to access their systems was a password. To me that was too big an exposure.

Fast forward about ten years and in my review of Office 365 I’ve been struggling to set up a user and use what is known as an alias as the public email address. From what I can see the user’s email address is their username. Once again the only piece of information required to access a user’s information is a password. I can’t find a way where the users email address is not shared.

Once I realised this I started to realise this is true for the majority of the online services and how people use them in general. Google’s services use the email address as the username. Again all that is required is the password and you have access to all the material stored online.

To me this simply isn’t good enough. The username to sign on and administer or use an account should in my opinion not be a public email address.

There is little wonder so many peoples’ online accounts are getting hacked. If hackers need to determine both the username and password this reduces the chance of being hacked considerably. Giving hackers half the information is significantly increasing your exposure.  Recently quite a few hacked password databases have been made public and it is surprising how many people use similar or easily determined passwords.

With email my actual account username is not made public and all the public ever see is an alias. This is a much safer way to work. With cloud services now offering your spreadsheets, your documents and your systems as well as your email, the amount of information you are now starting to share online has increased significantly and you should make sure you are fully aware of the exposure.

If all that stands between your information and a hacker is a password, then I’d be worried.

Kelvin Eldridge


No comments:

Post a Comment

Note: only a member of this blog may post a comment.