Cloud Storage: Secure and Private?

Category: Cloud

Are you using cloud services like file storage, online backup, webmail and document sharing? Most people don't know much about the safety and security of cloud computing. Are your files and sensitive data safe and secure in the cloud, or are they vulnerable to hackers and other threats? Here's the scoop on cloud storage security...

Is Your Head in The Clouds?

Cloud computing – storing data and using application software "out there" in the cloud of Internet servers – is becoming more and more common. See my related article Eight Free Cloud Services You Should Know About for some examples of popular cloud services. But are they safe? Can you trust some company on the other side of the wire with your business or personal data? Can you depend on software that isn't on your computer to be available when you need it? What are the risks of cloud computing, and how can you mitigate them?

The first risk you run is being cut off from your computing resources by some breakdown in communication between you and them. But that's rather unlikely, really. The Internet was designed to route data around broken communication lines, crashed routers, and other obstacles. Unless you live in a country with a totalitarian form of government, the Internet tends to be self-healing, unlike your desktop computer. So before fuming at your cloud storage provider for going down a whole five minutes, estimate how long it would take you to obtain and install a new hard drive, then restore everything from your local backup. Half a day, at least?

Cloud Storage

Oh, and you DO have a local backup, right? If not, see How I Got Hacked... And Why You MUST Have a Backup! for a cautionary tale, and Hard Drives Are Not Forever to learn more about options for backing up your important files.

Risks of Cloud Storage

Data theft is a second and more serious risk of cloud computing. It's not that cloud-computing providers are sloppy about security. They're more conscientious about it than many large enterprises and most small users. But the bigger the castle, the more barbarians there are at the gates. As more companies deposit their top-secret data in cloud-computing providers' castles, more hackers turn their efforts to breaching those high walls. It's a never-ending battle, but fundamentally no different from you versus a lone hacker -- and most home users are no match for a skilled hacker.

To those who say "I would NEVER put my files out there on some cloud server... they're much safer on my hard drive," I say the following: Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software? You can bet your cloud storage provider has all that and more in place to safeguard your data.

Government monitoring and seizure of data is a third issue with cloud computing. The European Union has strict, high standards of privacy protecting citizens against government intrusion into their personal business. Not so in the United States, where the law gives government agents enormous latitude to spy upon and seize personal data, if they can get their hands on it. Did you know that the Electronics Communication Privacy Act passed in 1986 allows law enforcement access to anything you have stored in the cloud for more than 180 days without a warrant?

Another important consideration is death. What happens to your information stored online in the event that you're no longer around? Everyone should have a plan to pass along important login/password credentials in the event they die. In addition to cloud storage, make sure you think about your webmail, online banking and social media accounts.

And it's always possible that your cloud-computing provider will go out of business. But in the event that a popular, reputable cloud storage provider was planning to shut down their service, they whould provide ample notice and opportunity for customers to retrieve their data. In the unlikely event that a cloud provider suddenly goes dark, what happens to your data in that case? My advice is to keep local backups, or use a second cloud-computing provider for redundancy.

What About Encryption?

Popular cloud storage services like Microsoft Onedrive and Google Drive will encrypt files as they travel between your computer and the cloud servers. So you don't have to worry about some hacker or wifi sniffer peeking inside your spreadsheet as it zips along the information highway. Your files are protected by strong physical security measures, but they're not encrypted while they're stored on the Microsoft or Google servers in the cloud. There are good reasons for that, however. If the files were encrypted in the cloud, you couldn't easily view them over a web interface, share them with other users or do collaborative online editing.

If you want to handle the encryption on your own, my article Encrypt Your Hard Drive discusses TrueCrypt and some other options for encrypting your files. This can work well if you want to use a cloud storage option that doesn't offer encryption. See Ten Free Cloud Backup Services to learn how to access over a terabyte of free online storage.

Dropbox does take the extra step of encrypting user files with SSL (Secure Sockets Layer) and AES-256 bit encryption, once they've been stashed on the cloud server. That gives you the assurance that if Evil Hackers were able to break into Dropbox, they wouldn't be able to read your scrambled files. But the caveat is that Dropbox itself has the decryption keys needed to unscramble the files. This quote from the Dropbox security FAQ explains why:

"We do have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access. In addition, we employ a number of physical, technical, and heuristic security measures to protect user information from unauthorized access."

If you're uncomfortable about the lack of encryption for files in OneDrive or Google Drive's cloud storage, or you just don't trust the server-side encryption that services like Dropbox offer, you do have another option. With client-side encryption, you can encrypt the files BEFORE they leave your hard drive, and you control the decryption keys. Most cloud backup services such as Mozy, Carbonite and iDrive offer you the option to use a personal encryption key so that your files are encrypted before sending to the offsite cloud backup, and only you can decrypt them.

Cloud computing is definitely here to stay, and its benefits are compelling. You shouldn't avoid cloud storage services because of imagined or falsely inflated fears, but you should be ready to deal with the real risks.

Are you storing files in the cloud? Got comments or questions about cloud storage? Post your thoughts below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 22 Feb 2016


For Fun: Buy Bob a Snickers.

Prev Article:
[SECURITY] AntiVirus Test Results

The Top Twenty
Next Article:
[TAXES] Online Tax Filing For Free

Most recent comments on "Cloud Storage: Secure and Private?"

(See all 32 comments for this article.)

Posted by:

Carole
22 Feb 2016

There is "NO WAY" that I would store stuff on a Cloud of any sensitive matter. If people can hack into our government, businesses, it would be a snap to hack into our cloud accounts. I have discussed this concept with other people and I dead set against the Cloud for that reason. I won't even leave certain things on my computer. I could write a book on fraud and what I've seen happen to people.


Posted by:

Sheldon Minkon
22 Feb 2016

Just because I am paranoid about the Cloud, doesn’t mean that I am wrong. We are headed down a path that will cost us our freedom as individuals. First we get the “carrot”, all the goodies that come with cloud storage; medical data, financial data, driving data, family history, all at the touch of a button. We worry about hackers, who only want to steal your stuff, while ignoring the elephant in the room, Big Brother. At 73 I might not be around to see it, but we are monitored with cameras, smart cars, smart TV’s, smart thermostats, toll roads, GPS devices, and a moving toward a cashless society, and the Government is saving all of this data. Why? When we get the “stick”, one may ask how we could let our freedom disappear.

I for one, will only use cloud storage for pictures.


Posted by:

Bob Price
22 Feb 2016

The odds are getting hit with ransome ware are very low, but it could happen. If ransome ware encrypts your hard drive and you have synced to the cloud storage, I assumed that is also held ransom. Or not?


Posted by:

Ken Heikkila
22 Feb 2016

I don't wish to call out any particular person in these comments, but it occurs to me every time I read them that there are some very paranoid people out there. The sort of paranoia that ignores the facts to support itself. I am only beginning to set up my iDrive, my first foray into cloud storage, but that is because I am a procrastinator and because I have a connection that is broadband in name only. That said, if the government wants your stuff, they will come and get it, but really how much stuff could they possibly make use of & what makes you think yours is so important that they would go out of their way to do so? I know, paranoia.


Posted by:

Chris
22 Feb 2016

Of all the examples of paranoia shown here and on other sites nowhere is it more evident than in the mistrust Americans show towards their own government. Is the USA no longer a democracy? When did that happen? There's paranoia in abundance here in both camps. I even think Bob suffers from it to some extent - "Fire, theft, flood, hurricane, tornado" - do most Americans live in regions where these acts of nature are highly likely? The advantages of the cloud are being hyped up here. I rely on Reflect backups and it has never taken me half a day to restore everything - a couple of hours maybe.


Posted by:

RW-in-DC
22 Feb 2016

Americans are understandably concerned about their supposedly oligarchic representational government when it uses a law from 1789 (All Writs Act) to gain access to information they desire, e.g., the FBI vs. Apple. Living in the DC area, you'd think I wouldn't be in an earthquake zone (nor am I in tornado alley), yet hurricanes occur (and there was a quake in 2011). It is axiomatic that even paranoids have *real* enemies, whether natural hazards, individuals or antagonistic organizations.... ;)


Posted by:

PhilS
22 Feb 2016

I use a fireproof/waterproof hard drives - yes, there are such things! - but back up to the cloud too. Why not have that additional layer of protection? Especially as it's cheap - if not completely free - and extremely easy. Seems like a no-brainer to me.


Posted by:

Bruce
22 Feb 2016

"Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software? "

With the exception of flood and earthquake protection (I live on high ground where there's zero seismic activity) the answer is a resounding YES!


Posted by:

olamoree
23 Feb 2016

Found something that seems to answer all of the above questions and doubts. It encrypts your files BEFORE uploading, for Home use, FREE, you can use a variety of Cloud Services, for instance taking the Free Space from each of several different and popular cloud storage offers and if properly handled can add up to even several TBs. Its called Cloud Backo... http://www.storagenewsletter.com/rubriques/cloud-online-backup-ssps-msps/cloudbacko-home-free-cloud-backup-software/ it "handles" several free cloud storage accounts and "pools" them into one giant system. Take a look and sure would like to hear Bob's opinion of this method.


Posted by:

ByronM
23 Feb 2016

I keep several Flash Drives with files backed up along with Google Drive in the cloud. Only problem with GDrive is with the folder on the computer. It may be convenient just to drag and drop files/folders to GDrive folder to have it auto backed up, BUT, it duplicates the files/folders on the hard drive taking up space. So, I routinely go to the online site and upload files/folders of important docs and such.
GDrive has been a data and photo saver when my computer has crashed or become infected. Or, I acquire a new computer. Just to to Google Drive and download everything. The USB flash drives are for the really important files/folders. Highly recommend more than one back up source just in case.


Posted by:

BobD
23 Feb 2016

Re: "Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software?"

Those are strong points, indeed. You've almost persuaded me.
I live in New England. Fire, hurricane, and network intrusion could be issues. Maybe burglary, though my 4-year-old desktop is hardly worth stealing. I use four USB disks for backups, with redundancy. Two disks, unplugged from the computer, reside in the basement. A weak scheme, since all my precious data are in my house, but I'm too lazy to do anything about it.

But here's the irony. Two disk failures in the past year - each was one of the WD USB backup disks. So the computer's internal Hitachi hard drive is backing up the external disks... Sheesh.


Posted by:

GreggL
23 Feb 2016

SpiderOak One is a "zero knowledge" cloud backup solution. Encryption from when it leaves your computer to its storage at SO. SpiderOak does NOT have the keys, only the user does. 1TB plan is $129/yr. Boxcryptor will encrypt your data before you put it into Box, Dropbox, Google Drive, OneDrive, and many other cloud storage options. Free for one storage solution from 2 devices. $48/yr unlimited multiple storage solutions and devices.


Posted by:

Al Jankowski
24 Feb 2016

I have 1 faint reservation. We are already so reliant on the internet, so entrusting one more thing to it should not be a big deal. Still I'm a worry wart ...

However there are times I and my laptop are out of reach of the 'net for days at a time. As well, there have been occasionSS (not all that recent, fortunately) that my ISP has been down for over a day. As a result I tend to try not to be overly dependent on the internet.

Cost/benefit analysis time, I guess.


Posted by:

Don
24 Feb 2016

Offhand I can't recall any instance where data has been stolen or otherwise affected because it was stored on one of the major cloud storage sites. Of course, that doesn't mean it won't happen tomorrow.
But do you know of any instances of the cloud being hijacked in any way?


Posted by:

Jillian S
24 Feb 2016

I'm more like Dianne and Ken H, above. I've signed up with Jotta Cloud to back up my Word documents. I don't worry about photos, as I have both prints and CDs of all photos I've taken in the past eleven years. I'm not sure in what future circumstances I'd need to worry about more back-up or more privacy.


Posted by:

bern
11 Mar 2016

One has to be a fool to place data in the 'cloud'. Buy a cheap external hard drive and keep it there. If you need to move data, USB sticks are very large storage and cheap today.


Posted by:

Roger Hass
12 Mar 2016

Note from PC-Bug Fixer, Roger Hass;

A sensible approach to Securing your data is to have at least 2 copies of all your data, i.e. 1. Your documents, 2. Your pictures, 3. Your accounting records, 4. Your email client messages, 5. Your FTP web page data, 6. Your Autodesk drawings, just to mention a few as not all are kept in your documents folder structure and some are kept in the applications installed folder structure.

A. - You have the original in the default folder structure on your hard drive, and

B. - You have copied all the respective folders containing the afore mentioned data onto an external hard drive like a WD (Western digital) My Passport drive, the size of which is pest determined by the size of your data files. I recommend the WD My Passport USB3.0 2TB (2 Terabyte) drive which would suite most Home and Small Business users. This drive would also be large enough to copy the image/backup folder created by the utility mention in item C.

C. - I also recommend that you have an additional internal HDD (hard disk drive) again of at least 2TB in a Mobile Rack which can be removed after the computer workstation is shut down (powered off) each day when the operator has finished the users tasks on the workstation. Tis drive is also used primarily for so called backup purposes using a reliable application like “Image for Windows” from “TeraByte Unlimited” which is compatible with Windows XP Pro SP3 and upwards to Windows 10 OS’s, obviously there are other similar backup / imaging utilities to perform a complete image / backup of your master C:\ HDD. In addition to the complete image/backup, this HDD is large enough to also copy all of the

D. - Summary:
If we perform the tasks in item B. and C., then we now have a copy of all our data on the,
1. External WD HDD, and
2. In addition to the complete image copy of your C: HDD copied from your internal 2nd Mobile Rack HDD., then

3. We have a copy of all your data on the internal Mobile Rack HDD, and
4. A complete image/backup of your master HDD which includes the complete installation of the Operating System, all the installed application software, and all of the User (your) file and folders containing all your data, i.e. documents, pictures, emails, etc., mentioned in the opening paragraph.

E. - Conclusion:
I have an “In House floor mounted Fireproof Safe used to securely store both the WD external HDD and the mobile rack cartridge containing the 2nd internal HDD. However I am lucky and can store either off site with a trusted neighbour who also has a secure floor mounted safe, who allows me to store one of the backup HDD’s. The arrangement is reciprocal and ideal for updating the offsite HDD on a weekly basis to ensure we have the latest data copies as at the date we perform the updates of our data.

Remember also that the image of your master C: drive contains the complete C:\ drive as at the date you performed it. It is not necessary to perform a new image/backup on a weekly basis as should the C: drive fail and we need to install a new HDD to replace the C: drive then we can use the image to restore the complete system onto the new HDD and the simply copy the data we saved on either the external WD or internal HDD.

Optionally you can perform incremental image/backups of your master C: drive to the image utility folder on a weekly basis in addition to copying the data to both the internal and external HDD. I recommend this for data security and integrity reasons. Better safe than sorry.

Unfortunately I do NOT store any of my data or image/backup folders in any Cloud based system or structure as I do not trust any off shore Cloud based methods nor trust these with my private and confidential data irrespective of what suggestions they may imply regarding their security and my suggested password(s) security for accessing my data used on their systems. The supplier of the Cloud System and their staff with little effort can bypass your password and read all your data, all passwords can be hacked, and I say this backed by 35+ years experience in IT.

Think about what I have documented and I’m sure you can create a similar structure method to secure your data, even a simple storage like the garden shed , sometimes the most obvious is the best storage security and unlikely to be stolen by a thief entering your property. If you think this last comment to be stupid and insecure, think again !

So much for Cloud based backup options, I don’t need them, besides if my system has been hacked or infected with ransomeware or the master C: HDD has crashed, I CANNOT ACCESS ANYTHING I HAVE STORED IN THE CLOUD AND WOULD NOT FOR SECURITY REASONS ACCESS ANY DATA FROM A COMPROMISED SYSTEM COMPUTER OR WORKSTATION.

However having all by backups at hand I can restore the whole master C: drive from my image/backup and then copy all my data from the external WD HDD and when the system has been restored I can check the internal 2nd HDD and scan it if it has been infected and if necessary replace the infected files or folders from the external WD HDD. If the internal 2nd HDD was not mounted (the cartridge was not in the mobile rack) then it would be secure and not infected by any ransomware or other virus that crashed the master C: HDD.

We now need to know from Bob where all our data is located on the HDD so we can copy it to the external and internal 2nd HDD, like the folder containing the Microsoft Office Outlook .pst file folder, etc.

I trust that the above information is logical and easy to follow. I suggest you copy it and print a hard copy so that you can follow the stepped tasks on what and how to secure your data In-House.

So what's all the kerfuffle about the "Cloud" if you look up you can see them in the sky most every day ☺


Posted by:

mouse
13 Mar 2016

I don't trust "the cloud" for many reasons; security being just one....

A few years back when my HD was on it's way out, I signed up with Mozy and spent a lot of time backing everything up. Afterwards I checked their website and could see my files and even downloaded ONE as a test. A few days later I installed a new HD and went to download all my backed up files only to discover that they were no longer there. Suddenly not a single file was to be seen or found on their website. Mozy of course was no help and even brushed me off. I not only lost all my files including family photos, but I was out 3-4 months of monthly fees as well!

Would I ever trust "the cloud" (let alone Mozy!) again? Not on your life! I would never again consider using another so-called "cloud" based app to backup anything important that I haven't already backed up onto another HD here at home. And definitely not when I can back things up myself and KNOW that they'll be there when I need them. Mozy (and others) are not infallible.


Posted by:

Torkel Holst
26 Jul 2016

Cloud storage wasn't originally intended for fast, reliable, remote access to your files. I find that using media server software to create a personal cloud connection between your computer and your mobile devices is a much simpler, faster, and more reliable solution to the problem of access.

While cloud storage is perfect for backing up your hard drive and "storing" your files, much of the conversation is unfortunately about keeping your files secure, rather than creating a safe connection for accessing said files.

I want there to be more discussion about software like http://www.tonido.com/ and https://getyounity.com/ and exactly how secure the connections they make are. Are there data breeches and identity theft cases involved with these applications, similar to the cloud?

I realize the point of this article is to ensure the readers that the cloud has an infinite amount more security than that of a home hard drive, but what about when the user is actually accessing the files? Is the connection secure at each end?


Posted by:

Torkel Holst
26 Jul 2016

Cloud storage wasn't originally intended for fast, reliable, remote access to your files. I find that using media server software to create a personal cloud connection between your computer and your mobile devices is a much simpler, faster, and more reliable solution to the problem of access.

While cloud storage is perfect for backing up your hard drive and "storing" your files, much of the conversation is unfortunately about keeping your files secure, rather than creating a safe connection for accessing said files.

I want there to be more discussion about software like http://www.tonido.com/ and https://getyounity.com/ and exactly how secure the connections they make are. Are there data breeches and identity theft cases involved with these applications, similar to the cloud?

I realize the point of this article is to ensure the readers that the cloud has an infinite amount more security than that of a home hard drive, but what about when the user is actually accessing the files? Is the connection secure at each end?


There's more reader feedback... See all 32 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Cloud Storage: Secure and Private? (Posted: 22 Feb 2016)
Source: http://askbobrankin.com/cloud_storage_secure_and_private.html
Copyright © 2005 - Bob Rankin - All Rights Reserved