Cloud services are ubiquitous these days. It seems like every app has in some way migrated to the cloud, and promises continuity and synchronization across all your devices, whether it’s your tablet, computer, or smartphone.
But the cloud has one massive disadvantage: it is riddled with security risks. Additionally, consider that a successful hacking attempt causes more damage than ever before because all of the users’ data are centrally located on grouped storage servers.
If a hacker compromises one server or one database, the hacker could make out with thousands (or millions) of users’ data. Look, don’t misunderstand me – I’m not suggesting that we all abstain from using cloud technologies. Not only is abandoning the cloud impractical, but it is also terribly inconvenient.
Instead of abandoning the cloud completely, just make sure that you follow some basic security practices to stay ahead of the latest threats. Remember the following tips and considerations to keep your cloud data safe from the grubby paws of internal employees, hackers, and governmental wiretapping scandals.
If you’re going to store data in the cloud, due diligence is a necessity, and you’ll need to research your hosting provider. More specifically, you’ll want to find out where they choose to physically host your data. Chances are your cloud storage company uses another company that provides storage or bare metal servers as a service, such as Microsoft Azure or AWS (Amazon Web Service).
Just run some Google searches to dig deeper and look for press releases, news articles, or any information that details where your cloud storage service actually stores your data. Knowing the physical location of your data is important for two reasons. First of all, you may not want to use a service that hosts your data in a country with strict Internet regulations or lax data security laws.
You’ll want to research the countries where your data is hosted in greater detail, but note that you can use the Reporters Without Borders index to gauge how heavy-handed a government is with its citizens’ information, Internet freedoms, and data security. Often, the lower ranking countries will seize data more frequently than the freer countries.
Furthermore, make sure you know whether or not your data crosses borders (spoiler alert: chances are that it does cross borders). This knowledge is crucial because of nations all over the globe monitor incoming and outgoing data at the edge of their country’s Internet and network infrastructure.
For example, the US NSA reportedly performed wiretapping techniques on data transmissions that were one end domestic and one end foreign.
So if your cloud hosting provider backed up your data that was hosted in the US to an off-shore server farm for disaster recovery, your data probably ended up in a US database within the bowels of NSA headquarters in Fort Meade.
Do you think that your cloud storage provider uses encryption? You may want to think again. The ugly truth is that there are many forms of encryption; some of them are extremely secure, but some forms of encryption are garbage.
Just about every cloud storage provider these days uses some type of encryption, but on a website landing page, they don’t always specify which type of encryption their service uses.
For example, many cloud storage companies only use transport encryption, which (as the name implies) only encrypts your data as it is being sent from your computer to the service’s storage servers. I usually find that these services employ TLS (Transport Layer Security).
But once the data has reached the provider’s network, it is decrypted. Sometimes, but not always, the cloud storage provider will then encrypt your data for storage using AES-256-bit encryption.
Ah, now your data is truly safe and secure, right? Nope! The problem is that a disgruntled employee might be able to decrypt your data and read it. Plus, what would happen if a hacker got their hands on the encryption used to store your data? Your data is still at risk because you don’t personally manage the encryption key. For that reason, make sure your cloud storage service is a zero-knowledge provider.
Zero-knowledge providers let users manage their own encryption keys. That way a disgruntled employee, hacker, or government agency won’t be able to decrypt your data since they don’t know what the key is. To add an extra layer of security, use an independent local file encryption service before uploading your data. I know it sounds ludicrous, but two layers of encryption are better than one.
To summarize, make sure you cover your bases with encryption in the following ways:
- Make sure your provider is a zero-knowledge provider
- Make sure your provider encrypts your data for transport
- Make sure you encrypt files locally with your own user-managed encryption key before uploading files to the cloud
It may seem like overkill, but if you’re going to choose to store sensitive data in the cloud, you need to obey stringent security measures.
Do all of your files need to be uploaded to the cloud? Probably not, but the average user today is far too trusting. Most people just take cloud storage for granted and don’t think that security leaks will ever harm their data. Like car crashes or lightning strikes, most people erroneously think, “Chances are, it will never happen to me.”
But the sad, unfortunate truth is that people are victimized by successful cloud hacks every day, and most of them don’t even know it. For example, recently Equifax was hacked, which affected approximately 145 million people.
The database that was compromised held extremely sensitive information, such as birth date, Social Security Number, driver’s license number, and more. Successful hacks happen every day, and plenty of cloud storage provider, such as DropBox, have lost customer data in the past.
As my grandmother used to so often say, an ounce of prevention is worth a pound of cure. If you don’t need to store certain sensitive information in the cloud, why take the risk? However, note that some backup software (like SpiderOak One) may back up a ton of files by default, and store them in a single backup file. In this case, try to exclude as many sensitive files from the cloud backup job as possible.
Speaking of backups, realize that you don’t need to use the cloud to backup your data. I know, I know, the cloud is really darn convenient, especially if you’re using a file synchronization, backup, and storage service that gives you access to all your data no matter what device you’re using. But if you really need to backup sensitive data, why not just back it up locally?
If your data is so sensitive that the course of your life could be changed should that data be compromised, why risk it? If your identity was stolen, you could suffer virtually irreparable damage to your credit rating.
In the event that you need to backup sensitive data (work documents, legal documents, personally identifiable information, smartphone backups, etc.), why not just store them locally on an external drive?
The cost of external hard drives has diminished considerably over the past decade. You could easily buy a couple of cheap external drives upon which to backup all your sensitive data.
I’d advise making sure that the storage device is encrypted and password protected, however, and I’d also advise you to store the drives in two separate locations to avoid fire damage or natural disaster damage (floods, tornadoes, etc.).
Since all of your backups are local, you won’t even have to worry about cloud storage security concerns. Plus, your data transfers will be exponentially faster since you don’t have to send all your backup data through an Internet connection bottleneck.
Last but not least, remember to use your antivirus security software religiously. At the very least, you should be running a full scan every month. Typically I run weekly custom scans and then a full scan once a month to ensure that there aren’t any threats lurking in the background of my computer.
If you don’t currently use antivirus software, then you’d better go download some ASAP, because you’re just begging for trouble.
The problem with viruses is that they can be pretty squirrely. You won’t know how they can compromise your cloud data until it’s too late. For example, you could unknowingly backup a system image of your computer when it has a virus. Then, whenever you need to restore your computer in the future, you’ll basically be reinstalling the virus.
Furthermore, consider that some viruses work by recording your keystrokes or by harvesting web browser data that you have failed to delete. In an instant, a virus could steal your login credentials to your cloud storage site, and a hacker could have access to all of your sensitive data.
Worse yet, a virus could steal your encryption key! Make sure you protect yourself by using antivirus software to prevent cloud data breaches.
There still isn’t such a thing as a perfect computer system, and the cloud – despite its numerous advantages and conveniences – is nothing more than a gaping security hole. But, by taking these precautions, you can limit your exposure to the vast majority of threats. Remember to implement these best practices to put yourself far ahead of the average cloud user.