What the Equifax Breach tells us about cloud security

Equifax reports an intrusion into its system which “may have” stolen the data on up to 143 million Americans, including name, address, SS#, and Drivers license number. This is a terrible lapse in security, and, on paper, it should not have happened.

Equifax is a large and profitable company, whose central business is secure, trustable data management and processing. Preventing this type of cyberattack should be one of their most important goals. And yet, it happened. What can photographers and collection managers who use cloud services learn from this?

It’s impossible to know the real story from outside
The first thing to learn is that, as stated above, looking at a company from the outside can’t provide a guarantee. It’s hard to find a company that should have a better security practice than Equifax. They are not a startup prone to pivot, or running out of funds, or a company for whom security is a second tier issue. Yes, they make all kinds of mistakes in their reporting, but that’s an inherent part of gathering up trillions of individual transaction reports from many different sources.

If it’s hard for Equifax, it’s even harder for you
It’s getting reasonably common to hear that cloud service companies get breached, It happened to Adobe,  Yahoo (x3, at least!), and many more (click the link above for fun). But this does not mean you should just manage all your cloud security yourself. The vast majority of people (and institutional IT), simply have no idea how to fully protect from attack.

Cloud services have become essential in the creation, use, storage and management of photos and other media.  Unless you are going to go off-grid (start by throwing away your smartphone), you’re going to have to live with a certain amount of risk. The entry points for hacking are exploding. Now your fridge, car, connected camera, and smart lightbulbs can all be attacked by Internet of things (IoT) exploits. It’s going to get even harder to prevent cyberattacks as IoT grows.

So our best strategy is to become more resilient. Here are some tips.

1. Centralize all of the media you want to keep. Preserving your stuff starts with knowing where it is. If it’s spread between a phone, your laptop and across half a dozen hard drives, it’s impossible to really manage safely. You can now cheaply buy hard drives up to 12 TB. There is no excuse not to collect everything you want to keep.

2. Keep a local copy of any photos or other media you want to preserve. This means you need a copy of your photo archive on local drives, in your possession. Anything you have that is only stored in a cloud service is at some level of risk, and accurately determining that risk is beyond your ability.

3. Keep at least one copy of your data offline. For most people, that means copying your photos and other important data to additional hard drive(s) and unplugging. This is a backstop for all kinds of terrible things, not just cyberattack (lightning, theft, etc.)

4. Consider write-once media. While DVD and Blu-ray are fading from the media storage landscape, there is still a compelling reason to consider them. Photos stored on write-once media can’t be infected after-the-fact. If you think you have too much data for optical disc, consider the fact that Facebook has built a cold-data archive in North Carolina that employs Blu-ray (for the exact reasons outlined above).

5. If something is really sensitive and it needs to be stored in the cloud, you probably want it to be encrypted on the client side. (This means that software on your computer holds the encryption key, and the cloud service only has a scrambled copy of the data). Note that when I say really sensitive, I mean stuff that is life or death, or has a major financial component.

Backblaze is a service that provides client-side encryption. It’s not totally bulletproof, but someone would probably need to know exactly what to look for. Note that an encrypted cloud backup like Backblaze can also help to protect you against ransomware, like the May 2017 WannaCry attack, which is a growing problem.

6. Take a look at the cloud service providers you use. 
Even though you can’t remove all doubt about your cloud service providers, you can make some educated guesses. Does there appear to be a sustainable business model? Am I paying enough for this service to care about my security? Does a google search bring up anything hinky?

If you take these steps, you can help protect the integrity of your photo collection against growing hazards. You may not be able to prevent intrusion, but at least you can recover from it.

Progress on DAM Book 3

As promised, I’m providing a significant update on The DAM Book 3. The book is moving along quite well, although significant work remains. We are setting a very conservative release date of November 22nd. We may be able to move this up as the writing and layout moves along.  I also promised a look at the Table of Contents, and you can find it here.

I’ve spent the last two months working to integrate the new elements of the digital photography ecosystem into a cohesive discussion of how the parts interconnect. I’ve also done lot of work to disentangle stuff that looks similar, but has important differences.

For instance, how is a synced filesystem utility like Dropbox fundamentally different than a cloud library service like Libris, and what is each one good for?

I’ve also spent a good deal of time speaking to the many experts I know in the field of imaging, testing my assumptions, and checking to see if I’m missing any big elements in the ecosystem.

With the scope and structure locked down, and all the old copy redlined and commented, I’m entering the home stretch. Now it’s time to finish the execution. Some chapters are basically done, and some are still in outline form. I expect that we’ll see some small changes in the Table of Contents, but those changes should be minor.

We’re still running our Dam Book 2 special. Buy The DAM Book 2 for $19.95 and get $15 off The DAM Book 3. At some point in the next month or so, we will start discounted pre-sales for The DAM Book 3. Sign up for our mailing list (on the top right of this page) to stay up to date on our special offers and release dates.

Nikon D850 – Built as a scanner?

The Nikon D850 has been announced, and it looks like a heck of a nice camera. The headline stuff includes everything we’ve come to expect from the next magical generation of digital SLR cameras – 45 megapixels, 7 frames per second, ISO 25,600, 8k video, touch screen, and so much more.

But tucked away on page 85 of the PDF brochure is this: a negative digitizer! Apparently the camera has a built-in algorithm for flipping negatives positive.

Some seasoned photographers may be exploring ways to convert their film assets created with old cameras into digital data. Taking advantage of its high-pixel count of 45 megapixels, the D850 offers an option for digitizing film (35mm-format), which can handle color and monochrome negatives. First, set an optional ES-2 Film Digitizing Adapter onto a lens such as the AF-S Micro NIKKOR 60mm f/2.8G ED attached to the D850. Then, insert the film to be digitized in an FH-4 Strip Film Holder or FH-5 Slide Mount Holder, and shoot. The camera’s digitizing function automatically reverses the colors and stores them as JPEG images. This once time-consuming process involving a film scanner can be done much more quickly. You can enjoy pictures with family and friends while selecting and digitizing by displaying them on a large TV monitor connected via an HDMI cable. Enjoy your old film images by digitizing them with the D850.

There are several items above that I’d love to test. If it could handle color negatives reasonably well, this could be a major workflow improvement for camera scanning.

And I don’t really like the ES-2, but there’s no reason not to use a rail system or copystand /lightbox .

In any case, it’s very exciting to see Nikon acknowledge this missing market niche, especially when so many photographers have mourned the loss of the Nikon scanner line.

Photo Scanning Webinar

Scanning Photos With Your CameraDigitizing Your photos - a guide to photo scanning with a digital camera

September 13th, I’m presenting at B&H’s Event Space in NYC to share techniques from my new book Digitizing Your Photos with your Camera and Lightroom. You can come see it live if you’re in New York, or see it on the web.

I’ll be presenting material from my book on scanning photos with a digital camera. In the webinar we’ll cover:

  • The camera scanning advantage
  • Hardware setups for scanning prints, slides and negatives
  • How to ensure top quality
  • Using Lightroom for camera scans
  • Tagging your images
  • Publishing and sharing your scans

When: Wednesday, September 13, 2017, 1:00p – 3:00p
Skill Level: Basic, Intermediate, Advanced – Everyone will get something out of it
Location: B&H Event Space
Address: Second Floor of B&H NYC SuperStore at 420 9th Avenue, New York NY 10001

Register Here

FYI
All of their events are FREE!  If you want to guarantee a seat for an event, please register ASAP. Their events can fill up fast.

Can’t get to NY? The event will be streamed. Register to watch online.

Not available on the 13th?  B&H will post the video on their website.

Other questions? See B&H’s FAQ for Event Space details.  

 

New high-CRI lights for film scanning

LED lighting is a fast-moving product landscape, with prices plummeting and quality increasing faster than anything I’ve ever seen in photography.I was over at B&H last week getting things all set up for my September 13 presentation at the Event Space. I took the opportunity to look at the LED lights on display. I found a nice little unit from Dracast that should be great for camera scanning transparencies on a rail system. At $68, it looked well made. Even better, it listed a CRI number of 95, which is a very high quality light for the price.

I was talking to Gary on the sales floor, and I wondered if this light was really 95 CRI. He smiled and said he’d be back in a minute. When he returned, he had a $2200 Sekonic C‑7000 SpectroMaster Color in hand. “Let’s find out” he said. We took readings of the light, and, sure enough, it showed a CRI over 97.

I’m going to buy one of these lights and take it for a spin. Note that because this light is designed to be used on-camera, it does not come with an AC adapter. I checked with the company and they tell me it takes a 12 volt 10 watt power supply. I have a bunch of old 12 volt power supplies lying around, so I’ll test with these when the light arrives.

Note, there are several variations of the Camlux light from Dracast. For camera scanning, I’m not interested in the bicolor, but they would be useful for shooting. These come in daylight or bicolor. Here they are linked.

160 LED Bicolor $69
160 LED Daylight  $68
160 LED Bi-color with battery and charger $89

ASMP Webinar July 26 – Digitizing Photo Archives

I’m happy to be back in the ASMP fold, doing a webinar next week on digitizing photo collections. Of course this will be based on our new book, Digitizing Your Photos, but with a special emphasis on the relevance to professional photographers.

I’ll be demonstrating how camera scanning can allow for large-scale conversion of film and print originals to digital images, which is important for those of us who have large film archives. I’ve digitized more than 50,000 of my own images, and continue to add new images.

I’ll also be touching on business models that photographers can consider for new services for their clients. There are a lot of companies and institutions that have large collections of physical photos. I’ve been able to help some of my clients with the process, as part of my professional services. I’ll discuss some business models for adding these services.

Rail System for copying film – DYP Movie of the Week

This video from Digitizing Your Photos  outlines two related types of film copying equipment – rail systems and bellows systems. I’ve been using these systems for more than a decade to digitize large amounts of my own film. They are fast to use and relatively easy to set up for a photographer experienced with lighting.

At the moment, these systems are do-it-yourself, but we’re working on finding someone to produce them commercially. In the meantime, we’re about to start renting ones I personally own. Click here to find out more.

DIGITAL ASSET MANAGEMENT FOR PHOTOGRAPHERS