Data security is an ever-present issue. This is especially true in recent times due to the increasing number of cloud services offered and used. Not only companies, but also individuals have begun to use services such as Google Drive, Dropbox, OneDrive, iCloud and so on. Yet, is all of this online data guaranteed total security and control by the providers?
Some people think that data stored on cloud services can offer total security, while others say the opposite - always fearing that someone might gain access to their sensitive information. Data stored in the cloud is almost always encrypted, which prevents attackers from reading it. At the same time, however, there are also other relatively simple ways in which users can increase the security of their data, despite the fact that a sufficient level of protection is already being offered.
Who has the access key?
The current cloud services in circulation, or at least the most popular ones, protect the data loaded into them with a security key, or encryption key, which is not to be confused with the password you use to access your account. This is an automatically generated alphanumeric encryption key that is associated with your account, used to protect your files from intruders.
Some providers do not give the user with this key and prefer to keep it hidden, in order for the service to automatically encode and decode the data. Others, on the other hand, allow users to view the encryption key and use it autonomously.
About the first of the two cases: in this situation the key is "activated" when the user logs in to his account with a password, thus unlocking his data. This is great, especially in terms of speed and convenience, for less experienced users. However, these services are also less secure, as it would be enough for someone to discover your password to access, copy or (even worse) delete all your data.
This is one of the many reasons why some cloud services have shown questionable security in recent years, such as iCloud, for example.
Is it better for users to own it?
Some lesser known (but still very popular) cloud services, including Mega and SpiderOak, recommend or require users to upload and download files via specific clients and apps that include encryption features. They also allow them to store and display encryption keys.
Although these services are dedicated to the most experienced users, they are not perfect and there is always the possibility that such apps can be compromised allowing an intruder to read the files even before they are encrypted during the upload. In addition, it has already happened more than once - various providers have released updates for their apps with obvious bugs that have compromised security, making the data of users vulnerable.
For those who love backing up their photos, there are several ways to protect them. Pixek is an app that aims to keep photos captured with your smartphone's camera encrypted from the moment they are taken, so they can be sent to the cloud services safely.
Pixek is not yet officially available and in order to try it you need to fill out a form and, later, go to this page on the Play Store to download it. It only works with photos, but other solutions of this kind may soon arise for other types of data, not just for photos.
Protect yourself before you are even connected
To maximize the security of storage within the cloud services it would be better to combine both approaches just seen, ie encrypting files using appropriate software even before uploading. And vice versa, just download the file and go to decryption using the same software once again.
There are many disadvantages to this procedure: you will need the encryption and decryption software always at hand, or, in other cases, it will not be possible to modify the file directly from the live editors proposed by some providers (Google Drive, for example). However, this is probably the right price to pay to prevent any kind of security flaw in cloud services.
My advice is to implement this procedure at least for sensitive files or really important ones. There are a myriad of similar tools online based on open source licenses created by computer security experts with which you can "lock" files before uploading them to the cloud. Some are free, while others are paid, but they are usually sold at reasonably low prices.
Do you use cloud services? How do you protect your files? Let us know in the comments.