Is Cloud Storage Secure?

A friend of mine in Florida recently asked me for advice regarding how to store sensitive information on the cloud, such as an inventory of the assets in her home, so that she can be prepared in the event that her home and her computer both disappear in a natural disaster, a hurricane in her case.

I gave her the best answers I knew, which hopefully will be useful to you as well.

Is one cloud storage company better than others? (I don’t have Apple technology, so that’s not an option).

There are many ways to store files at a remote location. One of them is storing the data in the Cloud, that mythical electronically networked thingy that strikes fear in the heart of luddites and the computer shy.

In turns out that the ‘Cloud’ is just the latest name for a server on the internet that provides some useful service to people, or collects all of your most sensitive data with your tacit approval, as the case may be, or both.

I store information on servers that I rent from Amazon Web Services, just because I know how to do this, but that is not a consumer-friendly solution.

Other than that, I also use Google Docs / Google Drive.

There is a similar service called Dropbox that is very popular as well, where you create a ‘dropbox’ folder on your machine, and anything that you place there gets synched to a remote server, and can then be synched to multiple machines. Google Drive works this way too, though the term dropbox is more evocative.

There are also more expensive systems which provide higher levels of security, for example to store financial information that must be protected by regulation. These may be too expensive for your needs. I don’t have experience with these, but one such system of which I am aware is egnyte.com. Rest assured, they will not burn your data.

You may also want to check online back-up systems such as carbonite.com.

In order to preserve the privacy of the information that you are uploading, you may want to pay close attention to how these systems store the data, and whether they provide the ability to encrypt the data stored. More on this further below.

Do you know how safe cloud storage is? I know the US government can see everything online, but I’m concerned with thieves & hackers.

Any system can be broken into, so you may want to be careful what you store in the cloud in ‘clear text’, that is, any data that is not encrypted.

Is there some information that one should never have on one’s computer? on one’s cloud?

It is not safe to transmit/store in clear text (un-encrypted) any of the following type of info:

  • Credit card numbers
  • social security or passport numbers,
  • account/passwords to financial institutions,
  • your address book, a list of all of your acquaintances if you are politically involved and very paranoid (wait, is that not what in-your-Facebook collects from us?)
  • any other sensitive data that you may not want to become public.

The easiest way to secure such data is to encrypt it. Once you encrypt data using a strong algorithm, what you must then secure is the encryption key that you used to encrypt the data, which you will need to un-encrypt it. The encryption key is typically a text file with a bunch of random characters.

When you encrypt the data, you can also use a password. This increases the security because you will now need both the key (something you have) and the password (something you know) to decrypt. This is called 2-factor authentication.

I use open-source linux tools for this, like pgp, and other free encryption tools, but I am sure that you can find relatively inexpensive consumer-oriented software for windows that will accomplish the same. Alternatively, cloud storage services may also provide the option to encrypt the data.

You can then store the encryption key in a couple of ‘fobs’ (usb keychain thingy) that you store in a couple of geographically remote safe places, like a hurricane proof safe. You can memorize or store the password in your wallet, but don’t store the password where you are storing the encryption key. Make sure that you don’t use this password for other purposes.

If you encrypt the data, you can store it without concern in any cloud system, because your average non-governmental malicious users will not be able to access it without the encryption key and the password, which you will keep elsewhere.

If you use a strong enough algorithm, it would even be costly for the government to un-encrypt it. You would really have to have ticked them off.

My homeowner’s insurance agent recommended sending myself an email of photos and a list of items in my house as “free cloud storage.” I’m not sure that’s safe. What do you think?

It’s not safe. If the items in the list are not particularly valuable, then the risk is not so great, and it’s probably ok in the short-term.

In addition to the security risks, I am not fond of storing images and large files in emails, because a lot of email software on the desktop tends to become very slow and unstable once the email storage files grow too large.

I hope that answers more questions than it raises.

Are you not happy that we have computers to ‘simplify’ our lives?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>