Cloud Storage: Is it Secure?

Category: Backup , Cloud

Are you using cloud-based services like online backup, webmail and document sharing? Most people don't know much about the safety and security of cloud computing. Are your files and sensitive data safe and secure in the cloud, or are they vulnerable to hackers and other threats? Here's the scoop on cloud storage security...

Is Your Head in The Clouds?

Cloud computing – storing data and using application software "out there" in the cloud of Internet servers – is becoming more and more common. See my related article Eight Free Cloud Services You Should Know About for some examples of popular cloud services. But are they safe? Can you trust some company on the other side of the wire with your business or personal data? Can you depend on software that isn't on your computer to be available when you need it? What are the risks of cloud computing, and how can you mitigate them?

The first risk you run is being cut off from your computing resources by some breakdown in communication between you and them. But that's rather unlikely, really. The Internet was designed to route data around broken communication lines, crashed routers, and other obstacles. Unless you live in a country with a totalitarian form of government, the Internet tends to be self-healing, unlike your desktop computer. So before fuming at your cloud storage provider for going down a whole five minutes, estimate how long it would take you to obtain and install a new hard drive, then restore everything from your local backup. Half a day, at least?
Cloud Storage

Oh, and you DO have a local backup, right? If not, see How I Got Hacked... And Why You MUST Have a Backup! for a cautionary tale, and Hard Drives Are Not Forever to learn more about options for backing up your important files.

Risks of Cloud Storage

Data theft is a second and more serious risk of cloud computing. It's not that cloud-computing providers are sloppy about security. They're more conscientious about it than many large enterprises and most small users. But the bigger the castle, the more barbarians there are at the gates. As more companies deposit their top-secret data in cloud-computing providers' castles, more hackers turn their efforts to breaching those high walls. It's a never-ending battle, but fundamentally no different from you versus a lone hacker -- and most home users are no match for a skilled hacker.

To those who say "I would NEVER put my files out there on some cloud server... they're much safer on my hard drive," I say the following. Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software? You can bet your cloud storage provider has all that and more in place to safeguard your data.

Government monitoring and seizure of data is a third issue with cloud computing. The European Union has strict, high standards of privacy protecting citizens against government intrusion into their personal business. Not so in the United States, where the law gives government agents enormous latitude to spy upon and seize personal data, if they can get their hands on it.

And it's always possible that your cloud-computing provider will go out of business. But in the event that a popular, reputable cloud storage provider was planning to shut down their service, they whould provide ample notice and opportunity for customers to retrieve their data. In the unlikely event that a cloud provider suddenly goes dark, what happens to your data in that case? Well, you should be keeping local backups, or engaging a second cloud-computing provider to back up your data for you.

What About Encryption?

Popular cloud storage services like Microsoft Onedrive and Google Drive will encrypt files as they travel between your computer and the cloud servers. So you don't have to worry about some hacker or wifi sniffer peeking inside your spreadsheet as it zips along the information highway. Your files are protected by strong physical security measures, but they're not encrypted while they're stored on the Microsoft or Google servers in the cloud. There are good reasons for that, however. If the files were encrypted in the cloud, you couldn't easily view them over a web interface, share them with other users or do collaborative online editing.

If you want to handle the encryption on your own, my article Encrypt Your Hard Drive discusses TrueCrypt and some other options for encrypting your files. This can work well if you want to use a cloud storage option that doesn't offer encryption. See Ten Free Cloud Backup Services to learn how to access over a terabyte of free online storage.

Dropbox does take the extra step of encrypting user files with SSL (Secure Sockets Layer) and AES-256 bit encryption, once they've been stashed on the cloud server. That gives you the assurance that if Evil Hackers were able to break into Dropbox, they wouldn't be able to read your scrambled files. But the caveat is that Dropbox itself has the decryption keys needed to unscramble the files. This quote from the Dropbox security FAQ explains why:

"We do have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access. In addition, we employ a number of physical, technical, and heuristic security measures to protect user information from unauthorized access."

If you're uncomfortable about the lack of encryption for files in SkyDrive or Google Drive's cloud storage, or you just don't trust the server-side encryption that services like Dropbox offer, you do have another option. With client-side encryption, you can encrypt the files BEFORE they leave your hard drive, and you control the decryption keys. Most cloud backup services such as Mozy, Carbonite and iDrive offer you the option to use a personal encryption key so that your files are encrypted before sending to the offsite cloud backup, and only you can decrypt them.

Cloud computing is definitely here to stay, and its benefits are compelling. You shouldn't avoid cloud storage services because of imagined or falsely inflated fears, but you should be ready to deal with the real risks.

Are you storing files in the cloud? Got comments or questions about cloud storage? Post your thoughts below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 4 Nov 2014


For Fun: Buy Bob a Snickers.

Prev Article:
NEW: Amazon's Fire TV Stick

The Top Twenty
Next Article:
Geekly Update - 05 November 2014

Most recent comments on "Cloud Storage: Is it Secure?"

Posted by:

Eli Marcus
04 Nov 2014

Bob, I beg to differ on the question of connectivity - I don't see the internet as being quite as robust or "self healing" as you say. Maybe it's the fact that I'm in the Middle East and not North America, but I find that although the internet responds just fine a good part of the time (at least 75%), those times when you need it most and it doesn't respond are the most frustrating. Connecting both at home (currently at 15 Mbps ADSL) and at the office (connection varies, probably in the 18-40 Mbps range) there are frequent times when the internet simply does not respond at an acceptable rate - things slow down to the point of stalling, freezing, losing the page or the connection... Add to that the fact that many portals have convoluted or inefficient login systems, which often become the stopgap to connecting - for various reasons that may be my fault as a user who needs to remember 100 passwords (I now started using a password safe app), or the fault of the portal not having a good login interface or mechanism...
So, as far as I'm concerned, the Cloud is not something I can depend on for reliability.
As far as data security on the Cloud goes - I don't trust any of the portals to be absolutely secure either, as many breaches in recent years have proven.


Posted by:

Marcy Crossman
04 Nov 2014

A friend of mine just lost her husband. He used the cloud for storage and she has no idea how to access the info/pictures stored there - or even where the cloud is, for that matter. What happens to the info stored there? And is it really a good idea to put stuff there without telling someone how to get to it?

EDITOR'S NOTE: Everyone should have a plan to pass along important login/password credentials in the event they die. If you friend has access to her husband's email account, that should provide a clue as to which cloud service was used. From there, she can open the relevant website and use the "forgot password" option to recover the account.


Posted by:

ST channing
04 Nov 2014

Bob, do think the encryption features available in Winzip, 7zip or Winrar using passwords as keys are good enough?


Posted by:

Dianne Parham
04 Nov 2014

What I think is all these corporations that offer cloud storage also have access to any and all files they are storing, and thus have the power to suck information out in order to sell to the highest bidder. Google has done that in the past with emails and documents and images. I have no doubt the other corporations do the same in pursuit of revenue. Nothing is really free. The cost, in this case, is our privacy. If you don't care about that, then by all means trust corporations that don't care a fig newton about you.

P.S. anyone who cares should include language in their will and Power of Attorney for the access to digital data no matter where stored. It will save headaches later on. Here's a sample: http://www.thedigitalbeyond.com/sample-language/


Posted by:

Peter Ballantyne
04 Nov 2014

Hi Bob. Brilliant timing with this article. Have just started using Google Drive as my on line backup system (and yes, I do keep a local backup as well). I am fortunate that although I live in a small rural town in southern New Zealand my internet is VDSL and unlimited and very reliable. My only question mark was over the security of on line storage and you have just neatly clarified that for me. My impressions so far are generally good and I will be using the cloud for the foreseeable future. Once again, thank you for making your huge experience and expertise available so freely for us. Kind regards, Peter


Posted by:

Greg Duncan
04 Nov 2014

Hey, love your Site. I have gotten a WD cloud for my home network. I can access it anywhere. If my computer goes down I got all my stuff.


Posted by:

Ivan
04 Nov 2014

Well everyone has a opinion and I guess some of those opinions are here. Some need to learn how to use things and some think they know how to do it, some do not believe the internet is all that self healing and others think it is great, as for myself I am somewhere inbetween.

Have a good day all......


Posted by:

The Barking Unicorn, Denver CO
05 Nov 2014

Bob covered "digital estate planning" a few months ago; Google offers it for free.

http://askbobrankin.com/do_you_have_a_digital_estate_plan.html


Posted by:

carmen
05 Nov 2014

A while back, I used Google Drive to store some of my sister's files and photos while I was reformatting the computer. I had intended to remove them soon after because my sister "didn't trust the cloud," but I left them there. She recently had her laptop go black and she was pretty happy her files were still on the cloud (and now it will be much easier to get her to back up!).


Posted by:

MmeMoxie
06 Nov 2014

Bob, you have given me, lots to think about. Oh, I have been using a "Cloud", with my Android Phone. Not bad, at all, I must say. However, I haven't felt the need to use a "Cloud", for any of my computer backups.

Now, I do have a 3TB Seagate External Drive, which does a bang up job, of backing up my computer. My computer only has a 1TB Hard Drive on it, so I have plenty of room, to expand. As for my Emails, I do use Outlook, not a Web based Email service ... So, I do need to think, of a way to preserve the important ones, like Lease Agreement, Bill receipts, Insurance copies, so on and so forth.

The computer savvy readers, know that a Web based Email server, is basically on a cloud, anyway. That is why, when your computer crashes and you lose everything, at least you can retrieve your Emails. Where with Outlook and Outlook Express, you would lose the ones you "saved." Now, that is something to be said, for Web based Email Servers. I am talking about the FREE Email Servers, like Outlook.com, which is the main Email Server for Microsoft. If, memory serves me right, you only have to "check in", every month or two, to keep your Email active.

One of the biggest issues, with using a Cloud, is the amount of Gigabytes, you can use, without having to pay for it. I guess, I am talking about FREE Cloud services. Some of the pricing for using over 10 GBs is just too expensive, for my budget. But, for Email backups, in addition to my External Hard Drive, 10 GBs would do just fine. Emails don't take that much data, to save.


Posted by:

Glenda
08 Nov 2014

I don't have a problem with using cloud storage. I use Amazon cloud, I decided I'd pay $10 per year for 20 GB. Could not be bothered with worrying about file size etc, I just put whatever I want there without hassles I love it.. I also have an external drive where I put my backups on. Cloud drive is no more insecure than doing your banking online.
Thanks for the very informative newsletters Bob! I look forward to each one!


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Cloud Storage: Is it Secure? (Posted: 4 Nov 2014)
Source: http://askbobrankin.com/cloud_storage_is_it_secure.html
Copyright © 2005 - Bob Rankin - All Rights Reserved