There still seems to be quite a bit of suspicion out there about cloud storage, especially in relation to its security. There is a common idea that it is not only easy to hack, but also that Google (or whichever other cloud service you use) has complete access to your data along with the NSA who hacked the security years ago. This article will try to address a few of the most common misconceptions about cloud storage and also, sadly, to confirm some of your worst fears.
One of the less discussed issues is that of the permanence of your data. As in, if something happens to your cloud provider what happens to your data? When MegaUpload shut down a while back there was a whole lot of uploaded data that simply vanished into thin air. Most major services do not guarantee the continued availability or integrity of your uploaded content, so you need to consider what your expectations for your data are before you commit it to the cloud. You'll want to make sure you fully understand whether you can get your data back if your account is deactivated or the service shuts down too. And if there's a problem on their side and your data is corrupted, what then?
The next bugbear is about encryption: is your data encrypted while being uploaded and downloaded and is it encrypted while it is hosted in the cloud? If you don't want to read the terms and conditions of your service you can just do a test upload and see if your URL starts with https or the padlock icon appears in your address bar. Beyond this, you'll want to know who has access to the encryption keys and what kind of security measures your service has in place.
Remember that the NSA was simply backdooring Gmail as it bounced between Google's servers and data centers because it was encrypted during sending. If your service doesn't already encrypt during upload and download, you'll either want to find a service that does, or use a third-party application to do the job. You need to know if everything is encrypted too, or just certain kinds of files.
You'll also want to make sure you understand exactly how your account can be deactivated and what happens to your data if it is. Say you have a paid service and you miss a payment: are you simply locked out until you pay your fees or is your data lost? How long is your data saved until it becomes inaccessible?
Nobody likes to read the fine print, but if you're planning on putting important documents or pictures on the cloud you want to be sure you know what happens to them in the event of something going amiss. And it goes without saying that you want to use the cloud as part of a backup strategy with multiple storage points; this is called redundancy. Do not upload to the cloud alone and expect your data to be secure. You'll also want to arm yourself with information about the laws governing the country or countries in which your data is to be stored.
The biggest question is: who has access to your data? Maybe you have it encrypted while it's being uploaded and your account is protected by an impenetrable password, but what does that count for if the NSA, the cloud service's employees and every advertiser on the planet have free access to your precious data? CISPA (the Cyber Intelligence Sharing and Protection Act, 2013) has widespread support throughout the technology sector, including Google, and this law means that the companies you use can monitor your cloud content with the intention of "letting the government know" if they come across anything dodgy. This is a ludicrous invasion of privacy whether it is couched in terms of "matters of national security" or not.
It seems blatantly obvious that anyone up to no good is hardly going to be hosting their global domination strategy in the cloud, so this act really just gives companies carte blanche to snoop in your data and, more likely than not, use that to either target you with advertising or even worse, to data mine your information and sell it to advertisers.
When choosing a cloud-based storage solution, do some comparisons. You don't need to be a pro to figure out which is better; just look for common standards and see who seems to come out on top. For example, 256-bit encryption is obviously better than 128-bit. Alternatively, you can check out one of the many reviews of the best cloud services available. In particular, you could look at one handled by a security firm or consumer choice agency. Find out if the service stores multiple copies of your data in case of server crashes or natural disasters. Two-step authentication is also a good start, and giving you the master key is much safer than your service provider holding onto it, as they can easily be subpoenaed by the government.
The NSA question
You're deluding yourself if you think the NSA hasn't been all over cloud storage since it was first made public. We already know that the NSA cracked the security layer of most major email providers a long time ago and that Microsoft handed cloud access over readily just last year. We also know that the NSA has agreements with a lot of internet companies, whether they are social networks, email services, photo communities, ISPs, cloud services or whatever else, to access your personal information. And if the open-door policy doesn't apply, then there are strong-arm tactics to try to bully weak points or back doors into these services. I think you get my point: whether the NSA is open about hacking your information or not, you can bet they're doing it.
- Read the terms and conditions of your service and make sure you are OK with what they contain.
- Make sure your uploads and downloads are encrypted and, if at all possible, use a service that keeps your data encrypted in the cloud and that also limits the number of people who can access it.
- Don't upload anything that you are not comfortable having accessed by someone else, whether that is an employee of your service provider, advertisers or the government.
- Password protect your home Wi-Fi and don't upload content on public connections, like at a library or cafe.
- Pre-encryption tools like Boxcryptor and SpiderOak allow you to encrypt your data before it ever reaches your cloud service. This is a great idea for taking your data's safety into your own hands.
- Don't upload anything to the cloud that is illegal or highly sensitive: naked pictures, medical records and financial information are an obvious no-no if you're at all paranoid (and you should be).
- Get yourself a rock solid password and don't tell it to anyone.
- Use multiple cloud services for an added layer of redundancy and back up everything outside of the cloud as well.
- Anticipate what might happen and plan for it: disabled account, stolen laptop, crashed servers etc.
- Don't assume a cloud service will be reliable and you're unlikely to be disappointed if and when it turns out not to be.
- Of course, try to pick a service with a good security reputation before you start too.
The truth of the matter is, cloud storage is really no less safe than any other internet-based content, so take some simple steps to make good choices in terms of provider, what you choose to upload, your password, how many backups you have and take some personal responsibility by pre-encrypting your data before uploading it.