Safe environment for users will require co-operation between devices, providers and software writers: expert.

From the iCloud breach that saw nude images of Jennifer Lawrence and other celebrities leaked online, to "The Snappening" that resulted in thousands of private Snapchat images being released by hackers, 2014 did a lot to raise public awareness of cloud technologies.

These high-profile breaches inevitably gave rise to increased anxiety and trust issues around the robustness of cloud-based services. But how much should you worry about using the cloud, and is it really any less secure than storing all your data locally on your PC or phone?

"The cloud" is a nebulous term that describes the vast mass of internet-connected computers, on which people or companies can rent processing power and data storage. It is used for everything from hosting websites to storing archives to running huge data-crunching operations.

There are three main "public cloud" providers - Amazon, Google and Microsoft - which between them support a wide array of online services and businesses, from Netflix and Foursquare (Amazon) to Coca Cola and Ocado (Google) to Heineken and GE Healthcare (Microsoft).


Using a cloud service generally means whatever data you choose to share will be processed and stored on computers owned by one of these firms, and they will be responsible for keeping that data secure from hackers or other parties wanting to get their hands on your information.

But the main problem with the cloud from a security perspective is that these huge banks of computers containing reams of data act as honeypots for hackers, because the reward for getting inside is far greater than breaking into a single computer. Cloud providers have to ensure their protections are extremely strong.

Generally, the level of security applied to information varies depending on the sensitivity of the data, so government documents and valuable intellectual property will be protected by extra layers of security compared with everyday consumer documents and photos, for example.

In some cases, cloud providers may have to prove they comply with various security standards and protocols for firms or public sector bodies to agree to use their services.

Microsoft, for example, recently became the first major cloud provider to adopt the world's first international standard for cloud privacy which provides enterprise customers with multiple assurances that their privacy will be protected. One of the arguments in favour of the cloud is that these security protections are much stronger than anything the average consumer would be able to use to protect their own data.

"When I think of the data centres that we're running, it starts off with just physical security - making sure the buildings are secure, the alarms and the guards and all the rest of that," said Jason Zander, corporate vice-president of Microsoft's cloud platform, known as Azure.

Zander also pointed out that cloud providers such as Microsoft run both consumer and enterprise applications in the same data centres, so in some sense at least, consumers are receiving the same basic level of protection as enterprises.

"We are running the same core software, we have the same set of security teams and protocols. So from that perspective, we're bringing all those exact same controls in," he said.


"Azure has additional certifications that are established by governments or by industry sectors, so there is an above-and-beyond level of certification that we do go after in the enterprise space, but all the core stuff is basically going to be the same."

So given the robust protections, why do cloud data breaches happen?

Zander said the complex nature of cloud infrastructure meant the cloud was only as secure as its weakest link.

Anyone who downloads a malicious app on to their computer or smartphone could potentially introduce a vulnerability to the cloud next time they log in using that device.

"In some of the cases, like the iCloud hack, it had nothing to do with the cloud actually. If you can unlock the phone, you have access. So they weren't actually cloud hacks, they were device hacks," he said.

"It's going to take co-operation between the devices, the cloud vendors, the software writers, the people that write the apps that go on those. Everyone has to do their part in creating a secure environment."

While using cloud services means you are essentially relying on a third party to protect your data for you, the cloud is so much a part of the online ecosystem it's hard to avoid.

Facebook, Dropbox, Netflix, Spotify - almost any web-based service you can think of uses the cloud.

As the so-called "internet of things" becomes more ubiquitous, the majority of smart home and smart city applications will also rely on the cloud for processing data.

But consumers owe it to themselves to find out what protections the cloud services they use have in place, and make informed decisions about what data they are willing to share.

Data safety a major worry, poll shows

Almost half of British consumers are worried their personal data is not safe, research shows, with 59 per cent claiming to have experienced a data protection problem in the past.

According to Symantec's 2015 State of Privacy Report, 53 per cent of people avoid posting personal data online to try to protect their privacy, while one in three people give fake personal data so their real information remains private.

Across the EU, retailers and social media companies are the least trusted, with less than a quarter of British consumers claiming to trust retailers to keep information safe. Medical institutions, followed by banks, are considered the most trustworthy with personal data.

Despite this, online shopping is still growing, and only one in five takes the time to read terms and conditions in full before sharing personal information and 36 per cent of online users say they are willing to trade in their email address for monetary benefits.

However, Symantec warned that it would be just a matter of time until security concerns caused a reduction in this type of online activity.

Peter Cochrane, an industry analyst, said: "Customers will certainly migrate to those companies and services that they consider to be safest."

Ilias Chantzos, senior director of Symantec government affairs for Europe, said businesses needed to be more transparent with customers on how they were keeping data secure.

"Security needs to be embedded into a company's value chain," he said. "But it should also be viewed internally as a customer-winning requirement, and not just a cost."

In the cloud

• Microsoft recently became the first major cloud provider to adopt international security standards for the cloud.

• Privacy breaches are more commonly from devices, not the cloud.

• Ensuring complete privacy will require co-operation between all industry players and users.

• The internet of things will boost the need for cloud security.

- Telegraph Group Ltd