Are my files really safe if I store them in the cloud?

Storing your data on cloud servers is easier than ever -- many services offer drag-and-drop interfaces or seamless automatic backup. Be sure you're handling your files mindfully.
Storing your data on cloud servers is easier than ever -- many services offer drag-and-drop interfaces or seamless automatic backup. Be sure you're handling your files mindfully.
©iStockphoto.com/alexsl

The days of keeping all your documents, photos and music on your computer's hard drive are gradually coming to a close. Today, cloud storage is helping to solve the ever-present need for more storage space to hold all of your digital property. But is all your personal data safe out there on the Internet?

To answer this question, we need to examine two things. First, we need to decide what constitutes data security. Is password access to the storage sufficient, or should files be fully encrypted on the storage device? Some of that will be up to you, but everyone should note these important security points:

  • Passwords can be hacked. This doesn't mean that passwords aren't safe, just that they're vulnerable to dictionary and brute force attacks, as described in our article How Hackers Work. If you choose a cloud storage solution that relies on a password to access your data, choose a password that's difficult to hack with dictionary attacks, and change your password often to reduce the chances of success from brute force attacks.
  • Passwords can be hacked. This doesn't mean that passwords aren't safe, just that they're vulnerable to dictionary and brute force attacks, as described in our article How Hackers Work. If you choose a cloud storage solution that relies on a password to access your data, choose a password that's difficult to hack with dictionary attacks, and change your password often to reduce the chances of success from brute force attacks.
  • Data can be captured en route. Fortunately, most storage services will encrypt the data while it's traveling back and forth, making it impossible to read even if someone captures the files. If your cloud storage works through a Web app, look for "https" instead of "http" in front of the URL in your browser's address bar. That extra "s" indicates the form is using secure HTTP. If you have a standalone cloud storage app installed on your computer, check to be sure that app uses some type of encryption for its Internet exchanges.
  • People are more dangerous than computers when it comes to hacking. Don't give out your password to anyone, even someone claiming to be from technical support. One of the biggest dangers for security is social engineering: creating a trust between the hacker and the end user that causes the end user to happily hand over personal information. Note that when you speak with the real technical support specialists, they'll require only minimal identifying information from you, and most likely not your password.
  • Hackers usually want the most information for the least effort. This means they will likely attack the heart of a cloud storage service rather than its individual users. Thus, you probably want to find a service provider with a good history of keeping its clients' accounts and data secure.
  • Your data isn't always immune to search and seizure by local government entities. In the U.S., for example, any cloud storage company could be served a subpoena requiring them to open their clients' data for government examination.

We also need to look at cloud storage providers to see which ones are doing the most to keep your information safe. Next, let's look at how the major cloud storage providers protect data and go over some tips for choosing a safe cloud storage service.

Safe Cloud Storage Options

When you're shopping for a cloud storage service for your files, you'll probably start by considering what you plan to store and how you need to access it. Along with that, determine how important it is to keep that information secure. For example, if you're storing important documents about your medical history or home finances, you may be more concerned about keeping your data safe than you would, say, music files from CDs you've ripped. Here are some safety features to look for when you're shopping:

  • A company with a reputation for excellent physical and network security
  • Multiple-level redundancy, meaning there are multiple copies of your data to prevent loss in the case of a single disk or server failure
  • Redundancy across multiple geographic locations, so when a natural disaster destroys your data at one location, that same data is still available elsewhere
  • How long it takes to delete a file across the redundant servers in the cloud, or if it's ever truly deleted from the cloud storage banks

Cloud security hasn't been as rigid for end-user storage services as it has for enterprise-level clouds. As a result, even the top cloud storage options available to you have some vulnerabilities. While these vulnerabilities are probably not a big concern for most users, they are worth noting if you decide to store sensitive personal information. The following are just a couple of examples:

Dropbox -- Dropbox is simple and sufficient for most users, encrypting your data while it's in transit over the Internet. In its simplicity, though, it did leave a couple of security holes. First, it left local authentication protection up to its users. All you need to sign in from another computer is a copy of your Dropbox configuration file, so you're responsible for limiting access to your local computer. Dropbox also leaves the names of your files in plain text. It's up to you whether you want a third-party security application to encrypt and decrypt the data in the folder you're synchronizing locally to protect filenames and prevent anyone from reading that data without your additional decryption keys [sources: G.F., Newton].

Amazon Cloud Drive -- Amazon stands toe-to-toe with Dropbox when it comes to simplicity and availability across platforms. Amazon is also up front about one of your security risks. In its user agreement, Amazon Cloud Drive declares its right to access your files and disclose account information to offer support and to ensure compliance with that agreement. Since the Cloud Drive offers streaming of MP3, this is largely to enforce copyright law regarding music. If you want to protect those files, you'll have to give up the streaming option for media files and use a third-party encryption app for all the data you synchronize to the Cloud Drive [sources: Vaughan-Nichols, Raphael].

So, our answer to the title question for this article is this: Yes, but know the limitations of your cloud storage service before you start uploading. For more information on cloud security, head on to the next page.

Related Articles

More Great Links

Sources

  • Bradley, Tony. "iCloud Raises Serious Data Security Concerns." PCWorld. PCWorld Communications, Inc. Jun. 8, 2011. (Sep. 7, 2011) http://www.pcworld.com/businesscenter/article/229823/icloud_raises_serious_data_security_concerns.html
  • G.F. "Internet security: Keys to the cloud castle." The Economist. The Economist Newspaper Limited. May 18, 2011. (Sep. 7, 2011) http://www.economist.com/blogs/babbage/2011/05/internet_security
  • Newton, Derek. "Dropbox authentication: insecure by design." Blog: Information Security Insights. Apr. 2011. (Sep. 7, 2011) http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
  • Raphael, J.R. "Amazon Cloud Drive: 3 things to consider before you commit." Computerworld, Inc. Mar. 30, 2011. (Sep. 7, 2011) http://blogs.computerworld.com/18056/amazon_cloud_drive
  • Rothman, Rachel. "Cloud Computing: Safe Data Storage." Good Housekeeping. Hearst Communications, Inc. Mar. 28, 2011. (Sep. 7, 2011) http://www.goodhousekeeping.com/product-testing/from-the-lab-blog/Cloud-Computing
  • Vaughan-Nichols, Steven J. "No Privacy on Amazon's Cloud Drive." ZDNet. CBS Interactive. Mar. 29, 2011. (Sep. 7, 2011) http://www.zdnet.com/blog/networking/no-privacy-on-amazons-cloud-drive/882