It’s the latest cyber-hack that’s the talk of the town.

It was revealed at the beginning of the week that an unknown hacker gained access to 101 celebrity accounts through Apple’s online cloud service iCloud.

Explicit images of celebrities including actress Jennifer Lawrence and model Kate Upton appeared on website 4Chan on Monday.

Original reports suggested that Apple had suffered a data security breach and that the hackers had obtained the images through a vulnerability in the software for its phone location service ‘Find My iPhone’, which had allowed unlimited password guesses.

The US Federal Bureau of Investigation (FBI) joined efforts in investigating how celebrity images were stolen.

It later emerged that the hacker had gained access through usernames, passwords and security questions, something Apple said is becoming far too common.

On Tuesday Apple released the following statement: “We wanted to provide an update to our investigation into the theft of photos of certain celebrities. When we learned of the theft, we were outraged and immediately mobilized Apple’s engineers to discover the source. Our customers’ privacy and security are of utmost importance to us. After more than 40 hours of investigation, we have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud or Find my iPhone. We are continuing to work with law enforcement to help identify the criminals involved.”

So just how secure is the cloud?
Although Apple didn’t suffer a security breach, the incident does raise questions about security within the cloud and its processes.

But is this poor security on the part of some celebrities with a poor choice of passwords, or is it that most cloud service providers’ security systems cannot be trusted?

DatacenterDynamics spoke to Pulsant’s head of cloud Russel Ridgley and Dell UK’s cloud strategy leader Gordon Davey regarding cloud security.

Following the hacking of iCloud accounts, is this going to cause trust issues with cloud?
“This is just one of several recent security incidents that draw much needed attention to how and where consumers and enterprises share, store and secure their data,” Davey said.

“It appears the data in question was obtained by hacking low complexity usernames and credentials. This should not reduce trust in the cloud platforms themselves, but instead should make users of cloud consider in more detail how they are going to secure their data.”

Ridgley agreed with Davey, stating: “It will increase awareness that fundamental security principles that you would use to protect sensitive data at home or in the office are even more relevant in today’s world where everything is connected.”

But how secure is the cloud?
“Two of the top issues around security and cloud really come down to people and process,” Davey said.

“Even with a focus on physical security and geographic location, including secure systems in place on premises, if you don’t have the appropriately trained people and thorough processes in place, data will inevitably leak. In this regard, cloud platforms are no more or less secure than an enterprise’s on-premise systems.”

Ridgley said mainstream services such as iCloud are extremely secure, which is why login credentials are now seen as the easiest point of entry.

“The human bit is easily the least secure part of most systems and striking a balance between ease of access for the legitimate account holder and loading up cloud services with many layers of security is becoming increasingly difficult. Unfortunately, it can be very hard to have both,” Ridgley said.

What can be done to protect data in the cloud?
“Fundamental principles of data protection still need to be considered assuming that cloud is becoming increasingly dangerous,” Ridgley said.

“More advanced methods start to require some technical knowledge but technologies like data encryption, though not suitable for all cloud services, can go far to give you the ease of use of cloud but with the knowledge that the data is useless without your encryption key. Two factor authentication is obviously mainstream for online banking now but showing growing popularity in cloud service providers as a way of offering separate ways of authenticating a user.”

Davey agreed that two-factor authentication could help to protect data.

“In addition, it should ideally be encrypted while at rest, not just while it is in transit.”

What do you do to protect your cloud?
“At Dell we help our customers and our service provider partners build, manage and secure their cloud platforms. We have a broad range of solutions that help protect and secure cloud platforms, ranging from Next-Generation Firewalls and Intrusion Prevention appliances, to data encryption solutions,” Davey said.

“Dell also offers fully managed security services including Security Awareness Training through our industry leading Dell SecureWorks team. In addition, knowing there are many compliance and regulatory issues that must be addressed within different industries, Dell offers a Healthcare Community Cloud and Dell Unified Clinical Archive, for example, that both have strict adherence to HIPAA compliance and very detailed training and documented SOPs.”

“Security of specific platforms remains a balance between showing outward commitment while not compromising the security that is in place by revealing details that make an attack easier. Pulsant is ISO27001 accredited and so has a comprehensive security management system in place which monitors several layers of security including physical security, multi-factor authentication and intrusion detection/prevention technologies, in addition to the internet must-haves like deep inspection firewalling,” Ridgley said.

“Pulsant is also CSA STAR accredited – CSA STAR is based on the ISO27001 framework and deals specifically with cloud security and was developed to help cloud users make sense of a provider’s security capabilities.”