As usual, xkcd says more about PC security in one panel than most proficient writers could say in an entire blog post. (There’s a reason we cribbed some of xkcd’s best stuff for our primer on social engineering attacks in the cloud.) At the risk of being superfluous, however, I’d like to expound on this point about authentication.
PC-level security is designed to ensure the security of PC-resident data. Your local antivirus or anti-spyware suite is not equipped to secure your cloud data. The simple act of walking away from a logged-in laptop at a coffee shop, or leaving your unsecured office workstation unattended during a long meeting, could lead to the theft or destruction of all your Salesforce or Google Apps data.
The same rules apply for mobile devices and tablets. Constantly logging out of online accounts and routinely locking devices is indisputably tedious, which is why a surprising number of users don’t bother to lock or log off all their devices all the time. Even the most scrupulous and security-aware among us is bound to slip eventually.
Moreover, even if you would never be so foolish as to let a stranger borrow the iPhone that has logged-in access to your Gmail account, are you absolutely certain that everyone on your Google Apps domain is equally vigilant? As xkcd taught us, the weak point in all security systems is people.
Well, that and weak encryption. To say nothing of easily guessed passwords. Or passwords that are carelessly reused. Or the false sense of protection provided by Security Theater.
Bottom line: No security system is perfect, and security designed to protect your hard drive can’t and won’t protect your cloud data. If you rely on cloud-based data and SaaS applications, you need a good, SaaS-specific cloud backup plan.