Is Cloud Storage Private and Secure?

Category: Cloud

If you're thinking about using cloud services like file storage, online backup, webmail and document sharing, you may wonder about the safety and security of cloud computing. The parade of high-profile data breaches in the past year has some people worried about the security of cloud services. Are your files and sensitive data safe and secure in the cloud, or are they vulnerable to hackers, snoopers and other threats? Here's the scoop on cloud storage security...

Is Your Head in The Clouds?

Cloud computing – storing data and using application software "up there" in the cloud of Internet servers – is becoming more and more common. See my related article Try These Free Cloud Services for some examples of popular cloud services. But are they safe? Can you trust some company on the other side of the wire with your business or personal data? Can you depend on software that isn't on your computer to be available when you need it? What are the risks of cloud computing, and how can you mitigate them?

The first risk you run is being cut off from your computing resources by some breakdown in communication between you and them. But that's rather unlikely, really. The Internet was designed to route data around broken communication lines, crashed routers, and other obstacles. Unless you live in a country with a totalitarian form of government, the Internet tends to be self-healing, unlike your desktop computer. So before fuming at your cloud storage provider for going down a whole five minutes, estimate how long it would take you to obtain and install a new hard drive, then restore everything from your local backup. Half a day, at least?

Cloud Storage

Risks of Cloud Storage

Data theft is a second and more serious risk of cloud computing. It's not that cloud-computing providers are sloppy about security. They're more conscientious about it than many large enterprises and most small users. But the bigger the castle, the more barbarians there are at the gates. As more companies deposit their top-secret data in cloud-computing providers' castles, more hackers turn their efforts to breaching those high walls. It's a never-ending battle, but fundamentally no different from you versus a lone hacker -- and most home users are no match for a skilled hacker.

To those who say "I would NEVER put my files out there on some cloud server... they're much safer on my hard drive," I say the following: Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software? You can bet your cloud storage provider has all that and more in place to safeguard your data.

Google's Cloud Security FAQ, for example, goes into detail about how your data is protected: "Our data centers are built with custom-designed servers, running our own operating system for security and performance. Google’s 700+ security engineers, including some of the world’s foremost experts, work around the clock to spot threats early and respond quickly. We get better as we learn from each incident, and even incentivize the security research community, with which we actively engage, to expose our systems’ vulnerabilities... we undergo several independent third-party audits on a regular basis. For each one, an independent auditor examines our data centers, infrastructure, and operations."

Government monitoring and seizure of data is a third issue with cloud computing. The European Union has strict, high standards of privacy protecting citizens against government intrusion into their personal business. Not so in the United States, where the law gives government agents enormous latitude to spy upon and seize personal data, if they can get their hands on it. Did you know that the Electronics Communication Privacy Act passed in 1986 allows law enforcement to access emails stored in the cloud for more than 180 days without a warrant? (See the "What About Encryption?" section below.)

Another important consideration is death. What happens to your information stored online in the event that you're no longer around? Everyone should have a plan to pass along important login/password credentials in the event they die. In addition to cloud storage, make sure you think about your webmail, online banking and social media accounts. See my related article You Can't Take it With You (Digital Estate Planning).

And it's always possible that your cloud-computing provider will go out of business. But in the event that a popular, reputable cloud storage provider was planning to shut down their service, they should provide ample notice and opportunity for customers to retrieve their data. In the unlikely event that a cloud provider suddenly goes dark, what happens to your data in that case? My advice is to keep local backups, or use a second cloud-computing provider for redundancy.

What About Encryption?

Popular cloud storage services like Microsoft Onedrive and Google Drive will encrypt files as they travel between your computer and the cloud servers. So you don't have to worry about some hacker or wifi sniffer peeking inside your spreadsheet as it zips along the information highway. Your files are protected by strong physical security measures, but they're not encrypted while they're stored on the Microsoft or Google servers in the cloud. There are good reasons for that, however. If the files were encrypted in the cloud, you couldn't easily view them over a web interface, share them with other users or do collaborative online editing. (Boxcryptor is a third-party add-on that works with Google Drive, Microsoft OneDrive, and other cloud providers to provide "at-rest" encryption for your files in cloud storage.)

If you want to handle the encryption on your own, my article Is it Time to Start Encrypting Your Files? discusses VeraCrypt and some other options for encrypting your files. This can work well if you want to use a cloud storage option that doesn't offer encryption.

Dropbox does take the extra step of encrypting user files with SSL (Secure Sockets Layer) and AES-256 bit encryption, once they've been stashed on the cloud server. That gives you the assurance that if Evil Hackers were able to break into Dropbox, they wouldn't be able to read your scrambled files. But the caveat is that Dropbox itself has the decryption keys needed to unscramble the files. This quote from the Dropbox security FAQ explains why:

"We do have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access. In addition, we employ a number of physical, technical, and heuristic security measures to protect user information from unauthorized access."

If you're uncomfortable about the lack of encryption for files in OneDrive or Google Drive's cloud storage, or you just don't trust the server-side encryption that services like Dropbox offer, you do have another option. With client-side encryption, you can encrypt the files BEFORE they leave your hard drive, and you control the decryption keys. Most cloud backup services such as Mozy, Carbonite and iDrive offer you the option to use a personal encryption key so that your files are encrypted before sending to the offsite cloud backup, and only you can decrypt them. VeraCrypt is a free, open-source, cross-platform encryption tool. Versions are available for Windows, Linux, and Mac OS X.

Cloud computing is definitely here to stay, and its benefits are compelling. You shouldn't avoid cloud storage services because of imagined or falsely inflated fears, but you should be ready to deal with the real risks.

Are you storing files in the cloud? Got comments or questions about cloud storage? Post your thoughts below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 28 Aug 2020

For Fun: Buy Bob a Snickers.

Prev Article:
[NUKED] Securely Erasing Your Hard Drive

The Top Twenty
Next Article:
Fed Up With Robocalls and Telemarketers? (choose your weapon)

Most recent comments on "Is Cloud Storage Private and Secure?"

Posted by:

28 Aug 2020

I think most cloud provider services will be handy for most people and I have no problem with them.Just keep in mind there could come a time where the internet can be taken down,intentionally or unintentionally.

Like Bob says,you needs to realize any risks you take when you use this type of service and keep any local backups off-site.

Posted by:

28 Aug 2020

I remember the days when I had a DEC VT100 dumb terminal sitting on my desk at work. Everything was on the corporate "cloud" although they didn't call it that. Then we went to smart devices called desktop computers and you kept your data private. Now they're turning computers back into dumb devices and they've figured out a way to charge you for storing your data on their "cloud." It's big business. I prefer to store my data on a NAS. Yes, it's in my home. I have control over it. It's behind my firewall. I just don't want it out there on that "cloud" for every Tom Dick and Harry trying to hack into it and stealing it.

Posted by:

Bob K
28 Aug 2020

I'll vote for the NAS approach, also. While I don't have an armed guard at the end of my driveway, there is very little on my computers, except for the hardware itself, that anyone would want.

I don't think you can beat the speeds of my LAN vs going out on the internet to some far-off place.

Posted by:

Karl Gregg
29 Aug 2020

Sorry Bob "their service, they whould provide".
"whould" Why did your spelling checker not flag that one? I know you are a spelling demon! Hey, happens to me too! Good article though.😁

EDITOR'S NOTE: Come on, everyone knows "whould" is an amalgam of "should" and "would". 😁😁

Posted by:

Robert T Deloyd
29 Aug 2020

"The European Union has strict, high standards of privacy protecting citizens against government intrusion into their personal business."

So, how does a person get a cloud service in Europe?

Posted by:

Dennis English
29 Aug 2020

You mentioned internal security in regards to Dropbox. Is there any protection from the cloud owner looking through stored data to be used for marketing use, etc. such as Google and Facebook do?

Posted by:

29 Aug 2020

I don't feel safe storing my personal data on the cloud. But I make sure to backup regularly to three separate physical locations. My router is secure and I keep a copy of my data in a fireproof safe.

Posted by:

29 Aug 2020

@RobertTDeloyd: Here are a few:

Posted by:

Renaud Olgiati
29 Aug 2020

If you are in the European Union, be aware that if your data is stored in the cloud in the US, it has even les privacy protection than that of US citizens.
So make your your cloud provider has his servers in the EU.

Posted by:

30 Aug 2020

The cloud sounds nice untill you decide not to have it any longer. Don't pay the monthly fee and you have x days to retrieve your data after that if you can get it back at all good luck. Not to mention now they own all your stuff. Encrypted you say yea for outside prying eyes but not the cloud provider and their employees or any government entity or anyone that pays a fee. After all you no longer own what was abandoned on their servers.

I may be wrong but for now no cloud for me.

Posted by:

30 Aug 2020

Thank you for all that you do for us, Bob Rankin.
I also like the canvas you are drawing on: *Never putting all your eggs in any one basket is always the preferred way to safekeep data. *Using a 'hybrid' storage solution is a worthy consideration. *But only upon classifying the types of data and the levels of security, which will determine where (and how) that data should be located.
I would not be a fan of keeping my highly sensitive data (e.g., password manager, crypto-coin wallet, etc.) anywhere out of sight (off-site and/or cloud) without user-side strong encryption.
I rely heavily on local internal/external storage devices for all my personal data, their backups, archives and disk images.
I choose to manage my multimedia data (music, video,) on a local-level (16TB RAID NAS). >Hail to AoIP/AES67/AVIO
I own and (try to) maintain my own server for secure/encrypted, as well as unsensitive data storage.
I think I still have my OneDrive, gDrive and DropBox cloud accounts, which I rarely use. Especially since I cannot be certain if such personal cloud data is not 'cataloged' by the likes of google’s data-mining, money-making machine, no matter how ‘secure’ it is in the cloud.

Posted by:

John Meyer
31 Aug 2020

Thanks for the article. We store almost EVERYTHING in Microsoft 365 (OneDrive/SharePoint, etc). However we still back it up too.

Another tip when you want anyone you know (or don't know) is to password protect an Excel, Word, pdf, or other file that you want to have an extra layer of security.

Posted by:

Angelo R.
04 Sep 2020

I find it laughable that anyone would trust Microsoft, google, etc to store your private info. These "high tech" super white collar criminals, owned and run by the Deep State/New World Order gang, are not your friend.

What better way to take over control of everyone's life than stealing all their personal data. Look, anything you transfer to their servers is permanently stored for future use against you. Who, in their right mind, would "trust" them when they cite all the 'safeguards' they have in place. They (the cloud) is linked to the NSA, that giant sucking machine that steals every bit of data about you. People, don't be stupid.

Posted by:

24 Sep 2020

Shelly, If your home burns down, the contents of your "fireproof" safe (the term "fireproof" is a misnomer) will be reduced to ash due to the extreme heat. (Safe from the flames themselves, but still destroyed.) Unfortunately, your backup data is not as safe as you may think. At least the cloud is not subject to wildfires?!

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy     RSS/XML

Article information: AskBobRankin -- Is Cloud Storage Private and Secure? (Posted: 28 Aug 2020)
Copyright © 2005 - Bob Rankin - All Rights Reserved