We use cookies on our websites. Information about cookies and how you can object to the use of cookies at any time or end their use can be found in our privacy policy.

7 min read 5 comments

Is cloud storage safe? (and how to make it safer)

There still seems to be quite a bit of suspicion out there about cloud storage, especially in relation to its security. There is a common idea that it is not only easy to hack, but also that Google (or whichever other cloud service you use) has complete access to your data along with the NSA. This article will try to address a few of the most common misconceptions about cloud storage and also, sadly, to confirm some of your worst fears. But first, we give you some quick tips on how to stay safe when using cloud storage.

Cloud storage safety tips

  • Read the terms and conditions of your chosen cloud storage service and make sure you are OK with what it contains.
  • Make sure your uploads and downloads are encrypted, and if at all possible, use a service that keeps your data encrypted in the cloud and that also limits the amount of people that can access it.
  • Pre-encryption tools like Boxcryptor and Spideroak allow you to encrypt your data before it ever reaches your cloud service. This is a great idea for taking your data's safety into your own hands.
  • Don't upload anything that you are not comfortable having accessed by someone else, whether that is an employee of your service provider, advertisers or the government.
  • Password protect your home Wi-Fi and don't upload content on public connections, like at a library or cafe.
  • Don't upload anything to the cloud that is illegal or highly sensitive: naked pictures, medical records and financial information are an obvious no-no if you're at all paranoid (and you should be).
  • Get yourself a rock solid password and don't tell it to anyone.
  • Use multiple cloud services for an added layer of redundancy and backup everything outside of the cloud as well.
  • Anticipate what might happen and plan for it: disabled account, stolen laptop, crashed servers, etc.
  • Don't assume a cloud service will be reliable and you're unlikely to be disappointed if and when it turns out not to be.
  • Of course, try to pick a service with a good security reputation before you start too.
dropbox androidpit
Consider your options carefully when choosing a storage provider.  / © AndroidPIT

You need backups for your cloud backup

One of the less discussed issues is that of the permanence of your data. As in, if something happens to your cloud provider what happens to your data? When MegaUpload shut down a while back there was a whole lot of uploaded data that simply vanished into thin air. Most major services do not guarantee the continued availability or integrity of your uploaded content, so you need to consider what your expectations for your data are before you commit it to the cloud. You'll want to make sure you fully understand whether you can get your data back if your account is deactivated or the service shuts down too. And if there's a problem on their side and your data is corrupted, what then?

Know what happens if you lose access

You'll also want to make sure you understand exactly how your account can be deactivated and what happens to your data if it is. Say you have a paid service and you miss a payment: are you simply locked out until you pay your fees or is your data lost? How long is your data saved until it becomes inaccessible?

Nobody likes to read the fine print, but if you're planning on putting important documents or pictures on the cloud, you want to be sure you know what happens to them in the event of something going amiss. And it goes without saying that you want to use the cloud as part of a backup strategy with multiple storage points, this is called redundancy. Do not upload to the cloud alone and expect your data to be secure. You'll also want to arm yourself with information about the laws governing the country or countries in which your data is to be stored.

Know who else has access to your data

The biggest question is: who has access to your data? Maybe you have it encrypted while its being uploaded and your account is protected by an impenetrable password, but what does that count for if the NSA, the cloud service's employees and every advertiser on the planet has free access to your precious data? CISPA (the Cyber Intelligence Sharing and Protection Act, 2013) has widespread support through the technology sector, including Google, and this law means that the companies you use can monitor your cloud content with the intention of ''letting the government know'' if they come across anything dodgy. This is a ludicrous invasion of privacy whether it is couched in terms of ''matters of national security'' or not.

It seems blatantly obvious that anyone up to no good is hardly going to be hosting their global domination strategy in the cloud, so this act really just gives companies carte blanche to snoop in your data and, more likely than not, use that to either target you with advertising or even worse, to data mine your information and sell it to advertisers.

Make sure your data is encrypted at every stage

The next bugbear is about encryption: is your data encrypted while being uploaded and downloaded, and is it encrypted while it is hosted in the cloud? If you don't want to read the terms and conditions of your service you can just do a test upload and see if your URL starts with https or the padlock icon appears in your address bar. Beyond this, you'll want to know who has access to the encryption keys and what kind of security measures your service has in place.

Androidpit privacy security
Whether full disk or file-based, encryption keeps your data safer. / © ANDROIDPIT

Remember that the NSA was simply backdooring Gmail as it bounced between Google's servers and data centers because it was encrypted during sending. If your service doesn't already encrypt during upload and download, you'll either want to find a service that does, or use a third-party application to do the job. You need to know if everything is encrypted too, or just certain kinds of files.

Compare cloud storage providers before choosing one

When choosing a cloud-based storage solution, do some comparisons. You don't need to be a pro to figure out which is better, just look for common standards and look to see who seems to come out on top. For example, 256-bit encryption is obviously better than 128-bit. Alternatively, you can check out one of the many reviews of the best cloud services available. In particular, you could look at one handled by a securities firm or consumer choice agency. Find out if the service stores multiple copies of your data in case of server crashes or natural disasters. Two-step authentication is also a good start, and giving the user the master key is much safer than your service provider holding onto it, as they can easily be subpoenaed by the government.

The truth of the matter is, cloud storage is really no less safe than any other internet-based content. So take some simple steps to make good choices when choosing a provider, what you choose to upload, your password, how many backups you have and don't forget to take some personal responsibility by pre-encrypting your data before uploading it.



Write new comment:
All changes will be saved. No drafts are saved when editing

  • Mark
    • Admin
    Jun 9, 2017 Link to comment

    The "cloud" is nothing but a money making scam. There is no Cloud all you are doing is renting space on a sever. Pay to have your storage there, pay to put it there, pay to get it back though data charges. As for being safe just ask several movie stars that have all their private pic all over the web how safe it is. Micro SD is safer and cheaper. Why do you think Apple will not do Micro SD? Because they make to much money from the so called " cloud ".

  • Best ever is SafeInCloud, in all this years not a single problem or breach reported.

  • While all the above is good advice (especially about independent encryption of confidential data), the worst and most common danger to a user's data is the user's own fallibility, in using casually accessed "sync" services from multiple devices that let the user, or somebody else granted access, easily delete or modify important files. As an early adopter I used to visit the Dropbox forums and the usual complaint was by somebody accidentally wiping out their own files on all connected devices - both cloud and local - and finding Dropbox's data retention time limit had expired and going through days of grief to try to get data restored.

    Anybody using the casual-access "sync" services should employ a real "backup" service or hardware drive, that requires a conscious log-in to access important files. I back up Dropbox and Google Drive manually to a pure online storage service and also to a USB drive for offline access as part of routine monthly maintenance.

  • Well, I will prefer DropBox

  • My1 Mar 24, 2014 Link to comment

    This is also a reason why I must say that it's bad to have juat a few gb of phone storage and no expansion just to drive the ppl to tge cloud...

Recommended articles