Is Cloud storage and online backup secure?
Published by Lee Munson on September 7, 2015 in Online backup

Are you using, or thinking of using, one or more cloud based services to fulfill your data backup, document sharing and webmail needs?

If so, chances are high that you’ve done your research, know which services are available, are aware of the storage options and the costs.

But have you considered the security aspect of trusting your data to the cloud?

In a world where data breaches and other stories about hackers appear to be increasing, security is certainly a topic you need to give some thought to.

cloud-based-storage

But are the risks posed by cloud based storage services enough to put you off using them?

Read on to find out why I don’t think they should be.

Service closure

The first potential security risk is also the most extreme: the sudden closure of the service you are using.

Sure, such a scenario is quite unlikely, especially if you’ve elected to use Google’s Drive or one of the other big players such as Dropbox.

But if you’ve decided to entrust your data to a smaller, lesser known company, then you may have introduced an element of doubt.

While closure is an extreme outcome perhaps, it does reiterate why much is said about due diligence – you should always do your homework and check that your cloud provider is in a healthy state and likely to be around for some time to come before signing up for its service.

Oh, and have a local backup too.

Irrespective of which cloud storage provider you partner with, backups are essential.

Not only can businesses fail, so too can hard drives, both theirs and yours.

While there is always a slight risk that your cloud-computing provider will go out of business, the chances of it doing so without notice are slim indeed.

If one of the larger, more popular services ever was to cease operating, it would almost certainly provide a good deal of notice and hence opportunity for customers to retrieve their data.

But in the highly unlikely event that a cloud provider suddenly goes bust without warning, what then?

Well, once again, backups are essential, either locally or with a second cloud storage provider.

Data theft

Given the fact that service closure is unlikely, your greatest concern about cloud computing may be the thought that your data could be stolen.

That’s not because cloud computing services are inherently insecure – they’re typically anything but, employing some of the most robust technology in the IT industry – but rather because they provide such a tempting target.

Cyber criminals looking to make money have long known there is money in data, both of the personal variety and in the form of corporate secrets.

As more and more individuals and businesses entrust that data to online storage solutions, so those cloud services appear to be juicier targets to those who would have at that information.

And, if you weren’t already aware, the information security industry is very much a reactive rather than a proactive one.

But let’s add some perspective here.

If you’re someone who says they never entrust their files to a cloud server because of the data risks then good for you, but are you seeing the whole picture?

Do you keep all your data backed up on your local machine?

If so, how are you protecting it?

Do you have antivirus, a firewall, a burglar alarm, a fire sprinkler system, gates and CCTV around your property, a UPS in case of power loss, a disaster recovery plan in case a freak of nature rips your house down, or 24/7 surveillance by a team of security guards?

If not, then you are probably taking greater risks with the security of your data.

Get the point?

Government theft and monitoring of data

Unfortunately government surveillance appears to be a sign of the times we live in.

Though it’s likely been going on for years, most of us have only recently become aware of the scale of the activities of various security services around the world, thanks to Edward Snowden.

While I’m no fan of metadata collection or the recording of phone calls, I still believe some level of perspective is required.

Those of us who live in civilised societies actually have very little to worry about, though that should never breed any level of complacency, that’s for sure.

Within the European Union there are many laws covering citizens’ privacy and these extend to the government’s ability to seize and access their personal and business data.

In the US things are different – laws in the land of the free are relatively draconian, though sentiment appears to be shifting in the right direction lately.

Outside of the West, you take your chances, but would you really consider a cloud service provider based in a dictatorial state anyway?

Lack of connection

One of the risks you run when utilising a cloud based storage solution is the possibility that you will be cut off from your data due to circumstances beyond your control.

Local or national power cuts, hardware failure at the provider’s end or a glitch with your own ISP’s service are all possibilities, though none should be a common or recurring issue.

If you think losing the ability to connect to your cloud storage for a few minutes once in a blue moon is a pain, stop and consider how long it would take you to retrieve your data locally from backup tapes or by installing a new hard drive and then restoring as much data as possible. All day perhaps?

Encryption

One thing you certainly won’t need to worry about with any reputable cloud storage service is encryption.

The biggest, most popular names in the industry, such as Google Drive and Microsoft OneDrive will most definitely encrypt your data as it travels back and forth between your device and their cloud servers.

This means you will have no worries about a hacker intercepting your files as they travel along the pipes, though you should realise that your files won’t be encrypted when on the cloud servers.

The reason for this is that, by not encrypting them, you will still be able to open them up, edit and share them via a web interface.

You can of course handle file encryption yourself, both on your local machine and on the cloud server.

This could be an option if using a service that doesn’t offer encryption during transit, or for additional peace of mind.

Popular cloud service Dropbox is worth mentioning here – it takes an extra step by encrypting user files with Secure Sockets Layer (SSL) and AES-256 bit encryption once they are stored on the server.

This prevents any unauthorised parties from accessing your files but you should be aware that it is Dropbox that holds the decryption keys, not you. The Dropbox security FAQs explains this in more detail:

“We do have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access. In addition, we employ a number of physical, technical, and heuristic security measures to protect user information from unauthorized access.”

There is also another option too if you are concerned about the privacy of your data – client-side encryption.

What this means is you encrypt your files your end, on your device, before transferring them to your cloud backup service.

The advantage of encrypting files your end is that you retain control of the decryption keys.

Many cloud backup services, including Carbonite (128-bit Blowfish), iDrive (256-bit AES) and Mozy (256-bit AES or 448-bit Blowfish), provide you with the option of using a personal encryption key so that your files are secured before transfer and only you can decrypt them.

Conclusion

Cloud storage options often get a bad rap in terms of security but such a belief is not entirely fair.

Sure, there are potential issues, but many surround unlikely occurrences or can be mitigated with ease.

Given the fact that no-one should ever store their data in only one location, cloud based storage offers a viable alternative to local storage and has the added benefit of offering a far wider range of access to your data.

Such services are here to stay so put aside your fears and embrace it, but do your homework first and only entrust your data to established, well reviewed services that take both your data security and theirs seriously.

Leave a Reply

Your email address will not be published. Required fields are marked *