Is cloud storage safe? How to protect your data
There still seems to be quite a bit of suspicion out there about cloud storage, especially in relation to its security. There is a common idea that it is not only easy to hack, but also that Google (or whichever cloud service you use) has complete access to your data along with the NSA. This article will try to address a few of the most common misconceptions about cloud storage and also, sadly, to confirm some of your worst fears.
Cloud storage safety tips
First, we give you some quick tips on how to stay safe when using cloud storage
- Read the terms and conditions of your chosen cloud storage service and make sure you are OK with what it contains.
- Make sure your uploads and downloads are encrypted, and if at all possible, use a service that keeps your data encrypted in the cloud and that also limits the number of people that can access it.
- Pre-encryption tools like taking your data's safety into your own hands.
- Don't upload anything that you are not comfortable having accessed by someone else, whether that is an employee of your service provider, advertisers or the government.
- Password protect your home Wi-Fi and don't upload content on public connections, like at a library or cafe.
- Don't upload anything to the cloud that is illegal or highly sensitive: naked pictures, medical records and financial information are an obvious no-no if you're at all paranoid (and you should be).
- Get yourself a rock-solid password and don't tell it to anyone. Better yet, use a password manager.
- Use multiple cloud services for an added layer of redundancy and backup everything outside of the cloud as well.
- Anticipate what might happen and plan for it: disabled account, stolen laptop, crashed servers, etc.
- Don't assume a cloud service will be reliable and you're unlikely to be disappointed if and when it turns out not to be.
- Of course, try to pick a service with a good security reputation before you start too.
You need backups for your cloud backup
One of the less discussed issues is that of the permanence of your data. As in, if something happens to your cloud provider what happens to your data? When MegaUpload shut down a while back there was a whole lot of uploaded data that simply vanished into thin air. Most major services do not guarantee the continued availability or integrity of your uploaded content, so you need to consider what your expectations for your data are before you commit it to the cloud.
You'll want to make sure you fully understand whether you can get your data back if your account is deactivated or the service shuts down too. And if there's a problem on their side and your data is corrupted, what then?
Know what happens if you lose access
You'll also want to make sure you understand exactly how your account can be deactivated and what happens to your data if it is. Say you have a paid service and you miss a payment: are you simply locked out until you pay your fees or is your data lost? How long is your data saved until it becomes inaccessible?
- Time to get smart about cloud services and security
- How to securely hide your files and apps on Android
Nobody likes to read the fine print, but if you're planning on putting important documents or pictures on the cloud, you want to be sure you know what happens to them in the event of something going amiss. And it goes without saying that you want to use the cloud as part of a backup strategy with multiple storage points, this is called redundancy. Do not upload to the cloud alone and expect your data to be secure. You'll also want to arm yourself with information about the laws governing the country or countries in which your data is to be stored.
Know who else has access to your data
The biggest question is: who has access to your data? Maybe you have it encrypted while it's being uploaded and your account is protected by an impenetrable password, but what does that count for if the NSA, the cloud service's employees and every advertiser on the planet has free access to your precious data? CISPA (the Cyber Intelligence Sharing and Protection Act, 2013) has widespread support through the technology sector, including Google, and this law means that the companies you use can monitor your cloud content with the intention of ''letting the government know'' if they come across anything dodgy. This is a ludicrous invasion of privacy whether it is couched in terms of ''matters of national security'' or not.
It seems blatantly obvious that anyone up to no good is hardly going to be hosting their global domination strategy in the cloud, so this act really just gives companies carte blanche to snoop in your data and, more likely than not, use that to either target you with advertising or even worse, to data mine your information and sell it to advertisers.
Make sure your data is encrypted at every stage
The next bugbear is about encryption: is your data encrypted while being uploaded and downloaded, and is it encrypted while it is hosted in the cloud? If you don't want to read the terms and conditions of your service you can just do a test upload and see if your URL starts with https or the padlock icon appears in your address bar. Beyond this, you'll want to know who has access to the encryption keys and what kind of security measures your service has in place.
Remember that the NSA was simply backdooring Gmail as it bounced between Google's servers and data centers because it was encrypted during sending. If your service doesn't already encrypt during upload and download, you'll either want to find a service that does, or use a third-party application to do the job. You need to know if everything is encrypted too, or just certain kinds of files.
Compare cloud storage providers before choosing one
When choosing a cloud-based storage solution, do some comparisons. You don't need to be a pro to figure out which is better, just look for common standards and look to see who seems to come out on top. For example, 256-bit encryption is obviously better than 128-bit. Alternatively, you can check out one of the many reviews of the best cloud services available. In particular, you could look at one handled by a securities firm or consumer choice agency. Find out if the service stores multiple copies of your data in case of server crashes or natural disasters. Two-step authentication is also a good start, and giving the user the master key is much safer than your service provider holding onto it, as they can easily be subpoenaed by the government.
The truth of the matter is, cloud storage is really no less safe than any other Internet-based content. So take some simple steps to make good choices when choosing a provider, what you choose to upload, your password, how many backups you have and don't forget to take some personal responsibility by pre-encrypting your data before uploading it.
What steps do you take to ensure your data is safe in the cloud? Let us know in the comments below.
My top security procedure for all things "cloud" is to prevent my phone from remembering the password. If you have apps that access your data and you just need to say "ok" because the password field is already filled out, then anyone who gets access to your phone has access to your data.
Android Pit please review PCloud lifetime storage. I find it very fascinating and a great value for money.
Thanks for the article! I used several cloud services, looking mostly for good and safe storage options - my favourite one by far is MyAirBridge.com. I find it to be a super reliable service, plus there are so many options for a good value. I also appreciate the option of sharing data in a team, it comes in really handy. Try it out :)
I have open accounts on multiple cloud services because I wanted to test (not very thoroughly) several solutions, all free.
In addition to the current Google Drive account, I use OneDrive.com. Mega.nz (50 GB), Copy.com (15 GB), Box.com (10 GB), ADrive.com (50 GB), pCloud.com (10 GB), Bitcasa.com (15 GB), hubiC. com (25 GB), Tardis-Box.com (150 GB), OziBox.com (100 GB). Some of these accounts no longer use them because they have become counter-cost, or they no longer work. Each account has a more or less functional interface, with advantages and disadvantages, but I will not go into detail now.
For syncing photos in your phone, they use Google Photos and OneDrive (both with Android apps) and Mega as well. The great advantage for Google Photos is the unlimited storage of photos (up to 16 mega pixels resolution) and movies (Full HD).
As well as storage, I remember that Yahoo has 1 TB of storage space, but it is only for emails.
We also tested storage accounts in China because the storage was huge, we found options of 5 TB, 10, 20, 30, 60, even 100 TB and 200 TB of free storage. And the largest space I just read, offered 400 TB of storage. From pure curiosity, I tried a few accounts, but all are in Chinese language, and so harder to use.
For a current and very intuitive use I recommend pCloud.com and hubiC.com.
For those interested, counter-cost services offer many additional options, including higher access speeds, and other management options.
Call me old fashioned I still believe that you save sensitive data on a external harddrive or solid state drive and keep it in a safe. You have a far lesser chance of being hacked on a external hdd in a safe or it gets stolen from a safe than someone hacking a server. Just my opinion might be wrong.
The "cloud" is nothing but a money making scam. There is no Cloud, all you are doing is renting space on a sever. Pay to have your storage there, pay to put it there, pay to get it back though data charges. As for being safe just ask several movie stars that have all their private pic all over the web how safe it is. Micro SD is safer and cheaper. Why do you think Apple will not do Micro SD? Because they make to much money from the so called " cloud ".
Yes.. You are hundred percent right.. The 'Cloud' is a very fascinating and tempting word for those who want to save their data securely. Thanks Mr. Mark, You said it. Yes.. they all make money from our innocence and ignorance...
Best ever is SafeInCloud, in all this years not a single problem or breach reported.
While all the above is good advice (especially about independent encryption of confidential data), the worst and most common danger to a user's data is the user's own fallibility, in using casually accessed "sync" services from multiple devices that let the user, or anybody granted access, easily delete or modify important files. As an early adopter I used to visit the Dropbox forums and the usual complaint was by the user, or anybody trusted with access, accidentally wiping out their own files across all the synchronized devices - both cloud and local - and finding Dropbox's data retention time limit had expired, then going through days of grief to try to get data restored.
Anybody using the casual-access "sync" services should employ a real "backup" service or hardware drive, that requires a conscious log-in to access important files. I back up Dropbox and Google Drive manually to a pure online storage service and also to a USB drive for offline access as part of routine monthly maintenance.
Some good advise Albin. But the life span of a usb is not that good. I have seen clients loose important data due to usb's failing on them. I rather keep multiple copies on different hdd's or ssd's. You have a lesser chance of them failing than a usb in my experience.
You're right, I didn't mean thumb drive but external SSDs like Western Digital's that plug into USB ports, but can be kept safely away in case of burglary or disaster - I don't even attach "pure" backup drives often enough for much risk of failure. Should also say everything on my Android devices is cloud-synched with PC so backup is from that. Just bought a WD 4TB drive for about U$100 - prices way down.
Well, I will prefer DropBox
This is also a reason why I must say that it's bad to have juat a few gb of phone storage and no expansion just to drive the ppl to tge cloud...