If you haven’t heard already, the world has become obsessed with a new augmented reality game called Pokemon Go. Drawing from the popular TV show of the 90s, the game (which is played via mobile device) allows its players to capture Pokemon, train them and battle them. The hook is that in order to find the little creatures, users must get out into the world and explore their neighborhoods. Sounds like a great way to get people off of the couch, right?
Unfortunately, Pokemon Go users are reporting a major security risk in the app. There are only two options to sign into the game: Use log in credentials from the home site, Pokemon.com, or use your Google account. At the time of launch, however, the game grew so popular so quickly that the Pokemon.com site stopped accepting new users, meaning Google was the only option.
Signing in with your Google account means giving Niantic, the developer of the game, full access to your Gmail, Google Drive, Google Maps, Google Photos, etc. If Niantic wanted to, they could read and send your emails, view your search history, look at your photos, and generally access all of your Google-related data.
From a security standpoint, this is a perfect example of why mixing business with free consumer-grade options is never a good idea. Systems like Google leave your company’s information vulnerable to not only malicious attacks from hackers, but from overreach by data collection companies. In fact, they are designed specifically to collect data from users.
Before moving your business to the “Cloud,” make sure that in doing so you aren’t exposing your business to vulnerabilities such as the one that occurred with the Pokemon/Google integration. Most cloud solutions that are implemented result in countless cloud products from various cloud companies “glued” together. In taking this approach, you are leaving yourself exposed to holes in the connections between the clouds – particularly around data access and data control.
Just remember to pay attention to who you’re giving access to your data, regardless of whether you’re trying to catch Pikachu or run your business efficiently. Don’t leave your data exposed so it can be stolen without the proper measures in place to prevent it. Engage a cloud company that has products that work together and have been designed with the business in mind.