The overwhelming response by the media, bloggers, and consumers to Sidekick’s data loss earlier this month was the usual question: Whose fault is this? Many doubts were raised as to whether or not the cloud can be trusted with any valuable information.
What wasn’t addressed in the flurry of responses to the Sidekick news was any indication of a practical course of action. That response ignores the two fundamental concerns that everyone shares: consumers and business users have increasing volumes of data that need to be securely shared with authorized parties, as well as backed up for safekeeping.
The first problem of controlling data access is becoming increasingly complex to address, since information needs to be shared with new categories of users, sometimes outside of the data owner’s control. The second problem of backing up data lies not in the complexity but in volume.
I recently read an interesting article on Computerworld.com by Michael Scalisi called "The Art of Creating Strong Passwords." It discussed how to create secure passwords but took an approach that didn't necessarily reflect best practices. I filed this away until I came across the same article at Threatpost and realized something needed to be said. The "artsy" approach to password security this piece suggests, combined with Microsoft's infamous password checker, misinforms the public on what constitutes a secure password and how one should be created. These suggestions can quickly go from uninformative to plain harmful. In other words: An "artsy" approach suggests using emotions rather than logic. This is hardly a good strategy for information security.
On Monday, Joseph Menn of the Financial Times posted an article titled "Security Experts Find Flaws in Cloud Computing."
I agree that if the cloud vendors don’t get serious about securing critical business information, then cases like Twitter’s will get worse and worse. The negligence on the part of players like these not only puts valuable information at risk, but also reflects badly on other service providers who have invested in security and provide business-grade services. But in the end, clouds are here to stay. The burden will be on both the companies who utilize clouds as well as the media to educate consumers and professionals on the applications that are appropriate – and secure enough – for their needs.
Why is security in the cloud so crucial? The Financial Times discusses a prime example this week, when an employee at Twitter posted and leaked their financials on Google Apps, in the article "Twitter files leaked in ‘cloud’ lapse."
Let me disagree off the bat. If this is a ‘lapse’ of anything, it is a lapse in judgement by the Twitter employee who put sensitive information on a site that clearly states "THE SERVICE IS NEITHER DESIGNED NOR INTENDED FOR HIGH RISK ACTIVITIES." (See Google Apps' Premier Edition Agreement.) Obviously, this was written in Aesopian language, which in plainer terms says: ‘if you are putting information of any value up here, you are on your own.’
When the U.S. Government Printing Office inadvertently posted a report containing the locations of 266 civilian nuclear sites on its website, it ignited a debate among national security professionals. The question was about the severity of the exposure: Whether publishing what amounted to a blueprint of U.S. nuclear facilities irreparably compromised national security. The report has since been pulled off the website, but nuclear experts continue to debate the risk exposure based on the nature of the information revealed.