Is the Cloud Always safe? And How Can We Ensure Our Privacy?

Compaas is a new startup working in the field of security, privacy and cloud computing. We had the opportunity to chat with Compaas CEO Adam Moisa, about the history and features of Compaas – an innovative management program that allows secure file sharing on the Cloud.

First of all, Adam, how did you come up with Compaas? Was it in response to a real-life problem you faced?

Adam Moisa: We originally worked on an application named Agora. With Agora you could manage multiple Cloud accounts; if you have a Dropbox or Google Drive, you can log in and manage them from one spot. Agora is considered a third-party tool used on top of the Cloud. It asks for a lot of invasive permissions when using it, giving you a lot of tools, but also requiring the ability and the authorization to manipulate the information in your files. We made it explicitly obvious this was what we were doing. But, nevertheless, we figured out that people with employee emails from worldwide popular brands were signing up and were authenticating their Cloud with our tool. We were surprised considering the number of permissions we asked for to use all the tools Agora offers.

From there, we started to investigate the area of third-party applications and employee negligence. We realized it is a huge problem. Employee negligence affects any business no matter what size – big, medium or small. In the Cloud this becomes very dangerous because there is the ability for an employee to make something sensitive accidentally public. The Cloud is fantastic; it means increased productivity, and it is easy to use, learn more about how cloud connection can help businesses. It enhances the way your team works, but it does put a lot of power into the hands of the user. It is scary because when managing corporate documentation on Google Drive, and if using it with a third-party application, the file could be made public without the user even knowing.

Continuing to look into the market, we noticed there was a big problem and there was no tool to help protect SMEs against such negligence. There are other tools but in our opinion they are very tricky; they have a lot of gadgets and they are also very expensive. They are great tools but they are built for 10,000-employee companies, at a high cost. There’s nothing serving the SME market, which is also plagued by employee negligence and needs to be protected against it. No matter what size your business is, if you are using the cloud without Compaas it’s like driving without a seat belt. We made it easy to use, and in a way that anyone can protect from employee negligence; we priced it in a way that SMEs would be able to afford it.

PHOTO CREDIT: Compaas Lab

During our conversations before this interview you were actually showing us how easy it is to find privately saved files on Google. Files that most likely belong to some cloud drive that has accidentally been set to public. Can you explain this further?

A.M.: The problem with this is that they are actually not private. Anyone can do this. The term we associate with the activity of searching and opening files on Google is “dorking”. Google indexes files that are held on Google Drive or other such services. So if an employee accidentally makes a file public, for example by clicking on the wrong button or if they use a third-party app and that third-party app makes files public like Slack, that file is now potentially indexed by Google and available through a standard Google search. And that’s what we did. If you search for documents that contains a particular keyword, it will show you any file that has that keyword in the Google search result. No matter if you are logged in or not, you can still open those files in an incognito window. When those files came up on our window we all jumped back and wondered “What is that? How is that possible?”

There are so many credit card numbers with security codes, addresses and mothers’ maiden names; it is scary to say the least and it’s all on Google. They don’t just belong to 10,000-employee companies. They belong to the companies we work with: 15-person companies, 100-, 500-person companies. In the SME market, as long as you are using the Cloud, you could be subject to employee negligence, and you need to be protected.

PHOTO CREDIT: Compaas Lab

How does the future look for Compaas? Do you think companies like Google or Dropbox should do more to improve cloud security?

A.M.: Google is a big company, but it can’t cover everything. They need to make the Cloud easy-to-use, ensure that it works, and that it is cost-appropriate. Asking them to focus on employee negligence is too much. Google put power in the hands of people with a tool that is easy to use. That is scary. One out of three files there might be sensitive, and we need to protect that. I wouldn’t throw the burden on Google or similar companies as they have a wagon full of work. Compaas can help them do this type of work.

For a full mindmap containing additional related articles and photos, visit #startup

Don’t you think people should be more aware of these issues with the Cloud? Do you believe increased awareness could lead to a different use of the Cloud?

A.M.: The Cloud is not really going away; it has actually reached its goal. There is never going to be a perfect state where everyone is going to be educated and sensitive files will never be a problem. We’ll never get to that point. Because we work fast and more importantly we use apps in conjunction with the Drive. There are an average of 730 third-party applications connected to a drive, and 94% of these are not enterprise-ready. Every company takes the time to find which apps are most useful, but they can’t control every single employee’s activity. There’s always going to be an issue of employee negligence, and we are going to be there to help. As long as the Cloud is used, you are going to need an app like Compaas to keep you safe.