How Secure Is Your Data When It’s Stored in the Cloud?
Data security is becoming more of a concern as cloud storage becomes more popular. For some time, businesses and colleges have been growing their usage of Google Drive, and many individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive, and other similar services. These users are probably worried about keeping their information private, and millions more people would store data online if they were more confident in its security.
Data kept in the cloud is almost always encrypted, meaning that an intruder would have to crack the code before reading it. However, as a cloud computing and cloud security expert, I’ve seen that the location of the encryption keys varies between cloud storage services. Furthermore, there are several relatively simple techniques for users to improve their data security beyond what is incorporated into the services they use.
Who Holds The Keys?
In commercial cloud storage services, each user's data is encrypted with a unique encryption key. Without that key, the files look like gibberish rather than meaningful data.
But who has the key? It can be stored either by the service itself or by individual users. Most services keep the key themselves, which lets their systems see and process user data, for example to index it for future searches. When a user logs in with a password, these services access the key and unlock the data so the user can use it. This is far more convenient than requiring users to manage their own keys.
However, it is less secure: just like ordinary keys, if they are in someone else’s hands, they could be stolen or misused without the data owner’s knowledge. Furthermore, certain services may have security weaknesses that expose users’ personal information.
Letting Users Keep Control
Mega and SpiderOak, two less popular cloud services, require users to upload and download files through service-specific client applications that include encryption functions. This extra step lets users keep their encryption keys themselves. In exchange for the increased security, users give up some features, such as the ability to search their cloud-stored files.
These services aren't flawless: their apps may be hijacked, allowing an intruder to read your files before they're encrypted for uploading or after they've been downloaded and decrypted. Even worse, an encrypted cloud service provider could build capabilities into its app that expose data. And, of course, if a user forgets their password, the data is lost forever.
One new mobile app claims it can keep phone photos encrypted from the moment they're taken, through transmission and storage in the cloud. Other new services may emerge that offer similar protection for other kinds of data. Still, users should stay alert to the possibility of information being stolen in the brief moments after a photograph is taken and before it is encrypted and saved.
Protecting Yourself
To maximize cloud storage security, it's best to combine the features of these approaches. Before transferring data to the cloud, encrypt it using your own encryption software. Then upload the encrypted file to the cloud. To access the file again, log on to the service, download it, and decrypt it yourself.
This, of course, prevents users from taking advantage of many cloud service features, such as live document editing and searching for files saved in the cloud. And the cloud service provider could still tamper with your data by modifying the encrypted file before you download it.
Authenticated encryption is the best way to protect against this. This approach stores not only an encrypted file but also metadata that lets a user determine whether the file has been modified since it was created.
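The "encrypted file plus metadata" idea above, as an added example that is not part of the original article: it uses encrypt-then-MAC (an HMAC-SHA256 tag over the ciphertext and its file name), one standard way to build authenticated encryption. The function names, JSON layout and file names are hypothetical, and the ciphertext is a constructed stand-in for the output of your own encryption tool.

```python
"""Tamper-evidence metadata for a file encrypted before upload (encrypt-then-MAC)."""
import hashlib
import hmac
import json
import secrets


def compute_tag(mac_key: bytes, name: str, ciphertext: bytes) -> str:
    # Length-prefix the name so the (name, ciphertext) pair is encoded unambiguously.
    n = name.encode("utf-8")
    msg = len(n).to_bytes(4, "big") + n + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).hexdigest()


def seal(mac_key: bytes, name: str, ciphertext: bytes) -> str:
    """Build the JSON metadata stored next to the encrypted file."""
    return json.dumps({"v": 1, "name": name, "size": len(ciphertext),
                       "tag": compute_tag(mac_key, name, ciphertext)})


def verify(mac_key: bytes, name: str, ciphertext: bytes, metadata: str) -> bool:
    """Return True only if the download is exactly what was sealed under `name`."""
    try:
        stored = str(json.loads(metadata)["tag"]).encode()
    except (ValueError, KeyError, TypeError):
        return False  # missing or mangled metadata counts as tampering
    # Recompute from the name the user requested, not the one in the metadata,
    # so one valid encrypted file cannot be served in place of another.
    expected = compute_tag(mac_key, name, ciphertext)
    return hmac.compare_digest(stored, expected.encode())


if __name__ == "__main__":
    # Assumption: the MAC key is random, kept locally, and separate from the encryption key.
    mac_key = secrets.token_bytes(32)
    # Constructed stand-in for the output of your own encryption tool.
    blob = secrets.token_bytes(64)
    meta = seal(mac_key, "photos.zip.enc", blob)  # constructed file name

    flipped = bytes([blob[0] ^ 0x01]) + blob[1:]  # provider changes one bit
    print("untouched download:", verify(mac_key, "photos.zip.enc", blob, meta))
    print("one bit modified:  ", verify(mac_key, "photos.zip.enc", flipped, meta))
    print("served as another: ", verify(mac_key, "notes.txt.enc", blob, meta))
```

This check does not detect a provider returning an older, validly sealed copy of the same file; catching that requires keeping a version number or the latest tag locally.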
There are two basic options for people who don't want to learn how to program their own tools: Look for a cloud storage provider whose upload and download software is open-source and has been verified by independent security researchers. Alternatively, encrypt your data before uploading it to the cloud using reputable open-source encryption applications; they are available for all operating systems and are often free or extremely low-cost.