How Secure (and Private) is Cloud Storage?

Category: Cloud

Today I have an answer to those who say “I would NEVER put my files out there on some cloud server... they're much safer on my hard drive!” If you're thinking about using cloud services like file storage, online backup, webmail and document sharing, you may wonder about the safety and security of cloud computing. The parade of high-profile data breaches in the past year may have some people worried. So are your files and sensitive data safe and secure in the cloud, or are they vulnerable to hackers, snoopers and other threats? Here's the scoop on cloud storage security...

Is Your Head in The Clouds?

Cloud computing – storing data and using web-based software "up there" in the cloud of Internet servers – is becoming more and more common. See my related article Try These Free Cloud Services for some examples of popular cloud services. But are they safe? Can you trust some company on the other side of the wire with your business or personal data? Can you depend on software that isn't on your computer to be available when you need it? What are the risks of cloud computing, and how can you mitigate them?

The first risk you run is being cut off from your computing resources by a breakdown in communication between you and them. But that's rather unlikely, really. The Internet was designed to route data around broken communication lines, crashed routers, and other obstacles. Unless you live in a country with a totalitarian form of government, the Internet tends to be self-healing, unlike your desktop computer. So before fuming at your cloud storage provider for going down a whole five minutes, estimate how long it would take you to obtain and install a new hard drive, then restore everything from your local backup. Half a day, at least?

Cloud Storage

Risks of Cloud Storage

Data theft is a second and more serious concern of cloud computing. It's not that cloud-computing providers are sloppy about security. They're more conscientious about it than many large enterprises and most small users. But the bigger the castle, the more barbarians there are at the gates. As more companies deposit their top-secret data in cloud-computing providers' castles, more hackers turn their efforts to breaching those high walls. It's a never-ending battle, but fundamentally no different from you versus a lone hacker -- and most home users are no match for a skilled hacker.

To those who believe their files are safer on their hard drive than in the cloud, I say the following: Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software? You can bet your cloud storage provider has all that and more in place to safeguard your data.

Google's Cloud Security FAQ, for example, goes into detail about how your data is protected: "Our data centers are built with custom-designed servers, running our own operating system for security and performance. Google’s 700+ security engineers, including some of the world’s foremost experts, work around the clock to spot threats early and respond quickly. We get better as we learn from each incident, and even incentivize the security research community, with which we actively engage, to expose our systems’ vulnerabilities... we undergo several independent third-party audits on a regular basis. For each one, an independent auditor examines our data centers, infrastructure, and operations."

Government monitoring and seizure of data is a third issue with cloud computing. The European Union has strict, high standards of privacy protecting citizens against government intrusion into their personal business. Not so in the United States, where the law gives government agents enormous latitude to spy upon and seize personal data, if they can get their hands on it. Did you know that the Electronics Communication Privacy Act passed in 1986 allows law enforcement to access emails stored in the cloud for more than 180 days without a warrant? (See the "What About Encryption?" section below.)

Another important consideration is death. What happens to your information stored online in the event that you're no longer around? Everyone should have a plan to pass along important login/password credentials in the event they die. In addition to cloud storage, make sure you think about your webmail, online banking and social media accounts. See my related article You Can't Take it With You (Digital Estate Planning).

And it's always possible that your cloud-computing provider will go out of business. But in the event that a popular, reputable cloud storage provider was planning to shut down their service, they should provide ample notice and opportunity for customers to retrieve their data. In the unlikely event that a cloud provider suddenly goes dark, what happens to your data in that case? My advice is to keep local backups, or use a second cloud-computing provider for redundancy.

What About Encryption?

Popular cloud storage services like Microsoft Onedrive, Google Drive and Dropbox will encrypt files as they travel between your computer and the cloud servers. So you don't have to worry about some hacker or wifi sniffer peeking inside your spreadsheet as it zips along the information highway. Your files are protected by strong physical security measures, so they are encrypted both while in transit and "at rest" on the cloud server. However, each of those services controls the encryption key, and could (in theory) access your files. There are good reasons for that, however. Without the encryption key on the server side, you couldn't easily view them over a web interface, share them with other users or do collaborative online editing.

If the shared encryption key issue makes you uncomfortable, or you don't trust the server-side encryption that cloud services like these offer, you do have other options. Using client-side encryption, you can encrypt the files BEFORE they leave your hard drive, and you control the keys.

Boxcryptor is a third-party add-on that works with Google Drive, Microsoft OneDrive, Dropbox, and other cloud providers to provide "zero knowledge" encryption for your files in cloud storage. With Boxcryptor, your files are encrypted on your device before transfering them to cloud storage. Only you can access your data. No third party, including Boxcryptor has the encryption key.

If you want to handle the encryption on your own, my article Is it Time to Start Encrypting Your Files? discusses VeraCrypt and some other options for encrypting your files. This can work well if you want to use a cloud storage option that doesn't offer encryption. Most cloud backup services such as Carbonite and iDrive offer you the option to use a personal encryption key so that your files are encrypted before sending to the offsite cloud backup, and only you can decrypt them.

The downside to these client-side encryption options is that if you lose or forget your encryption key, your files are locked forever.

Cloud computing is definitely here to stay, and its benefits are compelling. You shouldn't avoid cloud storage services because of imagined or falsely inflated fears, but you should be ready to deal with the real risks.

Are you storing files in the cloud? Got comments or questions about cloud storage? Post your thoughts below...

 
Ask Your Computer or Internet Question

 
  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 8 Aug 2022


For Fun: Buy Bob a Snickers.

Prev Article:
Will This Gadget Replace Your Landline?

The Top Twenty
Next Article:
Geekly Update - 10 August 2022

Most recent comments on "How Secure (and Private) is Cloud Storage?"

Posted by:

Colin Isaacs
08 Aug 2022

Hi Bob. My company has an additional wrinkle on this cloud storage issue. We are an environmental management consultancy that has substantial amounts of confidential data provided to us by our clients so that we can provide them with our best advice and analysis. We have entered into Non-Disclosure Agreements with most of our clients and all of these NDAs require that we not copy or transfer the confidential information and data to any other person or company outside of our company. We interpret that to mean that the only place we can store our client's data is on our own servers which are maintained on our own premises. I wonder whether anyone has received a different legal interpretation of the typical corporate NDA?


Posted by:

Colin Isaacs
08 Aug 2022

Hi Bob. My company has an additional wrinkle on this cloud storage issue. We are an environmental management consultancy that has substantial amounts of confidential data provided to us by our clients so that we can provide them with our best advice and analysis. We have entered into Non-Disclosure Agreements with most of our clients and all of these NDAs require that we not copy or transfer the confidential information and data to any other person or company outside of our company. We interpret that to mean that the only place we can store our client's data is on our own servers which are maintained on our own premises. I wonder whether anyone has received a different legal interpretation of the typical corporate NDA?


Posted by:

Sheldon Minkon
08 Aug 2022

On Friday, iRobot accepted Amazon's $1.7 billion offer to purchase the robot vacuum company. If the deal goes through, pending shareholder and regulatory approval, the technology giant will receive a plethora of personal data, including the floor plans of millions of users' homes.In 2021, iRobot reported that over 40 million Roombas ...I rest my case!!! Security is a myth.


Posted by:

snert
08 Aug 2022

there's absolutely positively no way, you're gonna convince me that a politically supporting business or one i'm not familiar with, will be on the up and up. with politics a disaster now, i'm better off securing my info in several different places, then leaving it in someone's property!!!


Posted by:

Renaud Olgiati
08 Aug 2022

While it is true that the Internet is self-healing, I live in Darkest Paraguay, and I still remember the time, not so long ago, when a single fiber-optic cable was our link to the world, and of remaining cut off from the net for a couple days when a back-hoe installing a water main managed to dig in the wrong place...


Posted by:

John
08 Aug 2022

Renaud accurately pointed to the single biggest issue with relying on Cloud data storage exclusively - reliable Internet access. The many considerations you cover in this article are great and well worth knowing/considering, but they don't mean much if you are in a modestly remote part of USA where Internet access is unreliable. I had 10 days of that while vacationing earlier this year. Although maybe it was a good think - I had to relax instead of doing any work.


Posted by:

Beverly
08 Aug 2022

I've been pressured into using Quickbooks Online. There is no way I'm going to allow it with any of my 3 businesses that I do bookkeeping for. I'm more worried about "the cloud" going down than security. I have company files backed up in 3 different places for each business. Last I checked, QB Online doesn't even allow you to keep a backup copy for yourself. I don't trust the reliability of the internet for my business files.


Posted by:

Brian B
09 Aug 2022

I will never be prepared to ask the fox to care for the chicks as they are hatched. Asking Google, Microsoft or Dropbox to look after my confidential information? Nah, and keeping an onsite backup of the cloud storage says it all really. Anything outside my front door is in the public domain as far as I'm concerned.


Posted by:

Wild Bill
09 Aug 2022

Other arguments aside as well as my native paranoia, my estimation of the track records of some of the cloud providers does not inspire confidence. If they decide that it is not in their interest to continue the service.... They make the rules and they break them. If I had the financial resources to combat Google or Microsoft or Yahoo, etc., I would not need them anyway. And not having those resources means I don't need them anyway.


Posted by:

Ernest N. Wilcox Jr.
09 Aug 2022

Microsoft and all the other major cloud service providers have the resources to employ the best technicians/computer scientists/experts in the industry. It stands to reason that their 'cloud service offerings' are more secure and much better protected/guarded than my personal computer's data storage space could ever be. While it is true that their first loyalty is to the bottom line and their stockholders, that bottom line and their stockholder's profitability are directly affected in a major way by their reputation with their customers. The decision whether to use cloud services is yours. I for one have decided that it is safer to use the cloud for off-premises data backup than any other option that is available to me/within my financial reach.

My2Cents,

Ernie


Posted by:

Glen
09 Aug 2022

Hi Bob. I am a senior and have often thought about using cloud services. My biggest concern, however, was not about security (although that was a concern) was how to use 1 of these services. I am far from an expert but have learned a lot over the past 20 years of using a PC and I expect my knowledge level is similar to many others. I just don't understand some of the terms and cannot seem to find any sort of tutorial on what to do to set up a cloud service and how to use it. I did have a brief experience with a cloud service when I found out that my files were on 1 of these services when I had never set it up. Then I could not figure out how to stop it and delete my files. That really pissed me off so now I refuse to use any cloud service. Maybe if I understood how to use it I would re-evaluate.


Posted by:

RandiO
09 Aug 2022

Thanks once again, for keeping us abreast of technology, Bob Rankin,
I am from the camp that believes in "Everything is as secure as possibly can be... until discovered otherwise!"
Scare tactics aside, this "Cloud-versus-Local" does not have to be binary decision, nor should the ultimate answer be as you concluded, though!
ymmv+imho


Posted by:

Bob K
09 Aug 2022

Hi Bob,

As a rule, I believe you, but not this time. Not a chance that I would trust cloud storage. Not, now, not ever.


Posted by:

Brian B
10 Aug 2022

Just a little bit of quick research on cloud storage safety:

2012 Dropbox 68 million passwords
2014 Yahoo 500 million customer details
2014 iCloud Dozens of celebrities data
2018 Google 500,00 personal data breaches
2020 Amazon Millions of European shoppers data
2021 Microsoft 250 million customer records
2022 Google Real Time Bidding 300 billion times per day.

I'll stick to double external drive backups with Macrium Reflect and take my chances with fire and flood.


Posted by:

Jerry Wright
10 Aug 2022

Great article but I got a chuckle out of the line, "Unless you live in a country with a totalitarian form of government". With all the recent developments, maybe using cloud storage along with off site hard drives, is the safest option.


Posted by:

Frances
10 Aug 2022

I don't use cloud services with one exception and I don't think it's worth setting one up for me. However, I'm not averse to the idea and I may yet decide to use the cloud.

The one exception is doing my income tax returns. I have been using the same service for quite a few years and it's all done online. Except for the earliest year when they had server problems (not enough), I have had no problem connecting, even just before the deadline for submitting returns. And I do get to download the return after it has been filled in and calculated.


Posted by:

Gary D.
10 Aug 2022

So how can we be sure that Google, and/or other cloud storage providers, will permit us to access that data that we stored with them?

I fear that someday I will lose access to the accounts under which my data is stored, for two reasons:

1. Security - which (for good reasons) is constantly changing, becoming more complicated, e.g. two factor authentication, and passwords that must be so complex to be impossible to remember;

2. Terms of service - those providers can close your account for just about any reason. If, say, Google discovered an old email which Google determines to be "politically incorrect", it might deny you access to anything you have ever done, and if you question them, you will only get an automated response: "blah blah blah OUR ALGORITHM blah blah blah".

So: yeah. Using cloud storage is good, but absolutely keep your own local backups.


Posted by:

Lucy
10 Aug 2022

I guess users of Yahoo! Mail or G-Mail are already using the cloud to "store" a lot of personal stuff in all their e-mails, even maybe without realizing that they are.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.


Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML


Article information: AskBobRankin -- How Secure (and Private) is Cloud Storage? (Posted: 8 Aug 2022)
Source: https://askbobrankin.com/how_secure_and_private_is_cloud_storage.html
Copyright © 2005 - Bob Rankin - All Rights Reserved