Everything in the cloud! Good idea or security risk?
"Where are our vacation shots? Are they gone?" The women seemed on the verge of a stress-related demise while holding her crushed cellphone in her hands. With a smile, her husband (obviously a model for tooth bleaching) turned around and replied in a calm voice: "They can't be gone, they're in the cloud!" Domestic bliss had returned, it was joy all over again, the coffee is ready.
That about sums up the essence of most ads run by cloud service providers. It doesn't matter if a piano drops on you, you're data will still be safe. Whether that's the case is another story since ads are known to exaggerate.
Let's start at the beginning: Using cloud storage means your data (photos, documents and even entire backups) has to be uploaded to a server provided by a cloud service provider. This server is basically an Internet connected hard disk. To access your files later, you simply download them to your local disk. In the case of Dropbox, this means you'll have an app on your cellphone, tablet and computer that allows you to upload/download files through all of your devices. This comes in handy when you need to access a document from any place or work collaboratively on the same document with others. At first, the idea that everything is safe and sound and always accessible online seems great.
My cellphone is a good example that perfectly demonstrates the fine line between convenience and privacy/security thinking. If I wanted, I could have all my data back upped to the cloud to the point where, should I have to get a replacement of the same brand and model, I could simply log into my cloud service and have all my files, contacts, photos etc. restored to their original state. Sounds great, right? At least until you start thinking about what gets saved - and where. Do I really want to have my biometric passport photo stored on some server in China though I know nothing about their security measures and data privacy policies?Secure in the cloud - slight headaches included
Naturally, storage providers take the utmost care and apply immaculate security measures, by their account. Everything is continuously monitored with state of the art technology and all file transfers are encrypted. Is that enough to calm me down? File encryption, as provided by most cloud services, is a bit of a two-edged sword since the encryption key is also stored on their machines. This means their staff can access my files and so can every hacker that manages to break into their systems.
Furthermore, even the biggest players provide little to no details on the whereabouts of their servers. Google, Microsoft and many others are unusually discreet about this information. What good are fierce looking administrators that fight day and night to protect my data against hackers when their own government would like to take a look at my stuff? How easy is it to snoop around in my files? After all, there are huge differences in laws between Europe and the United States! The current legal dispute between the FBI and Apple shows how easily national interests can collide with data protection and privacy. And by the way: The thought of Kim Jong Un looking at the photos from my last barbecue party is frightening.
It also pays to look closely at the privacy policies of each cloud service provider. While Microsoft OneDrive happily scans all your files for illegal content, other providers collect data to share it with "trustworthy third parties". Naturally, many providers need to process your name, your email address, your phone number, your bank account information and your mailing address to "improve their own services". And we'd all love to believe that. Here's a tip: Before signing up with a cloud storage provider take the time to study their data policies and EULA. It'll surely make for a thrilling reading experience!Click just once and everything gets saved somewhere, somehow
When I think of the cloud I can't help but also think of hackers. Reports of hacked cloud services come out quite regularly and few providers such as Evernote or Dropbox openly admit to that. Every company knows that customer trust is key to business success which is why most companies choose to stay tight-lipped. The rational computer scientist in me says that big providers probably take better care of data protection than I do in my own four walls. If your business depends on your ability to protect against hackers, you'll most likely take maximum precautions. Then again, when I lose my data it's my fault. When hackers have invaded the cloud, I can do nothing but wait and see how bad the damage will be. Entrusting someone else with your data requires a leap of faith.
That's why I have decided to only upload files to the cloud that I have encrypted myself. Programs such as Ashampoo Backup Pro 10 encrypt your data with strong AES-256 encryption that, to this date, hasn't been broken. Aborange Crypter or Steganos Save (and many others) also encrypt your files before uploading them to the cloud. This helps bridge the gap between the advantages of cloud services and the benefits of keeping your own data safe. And if you don't feel like joining the cloud, pull that external hard disk out of your drawer and use that instead. Works just as well!