By now, you've probably heard a lot about the cloud and how most of our private data is soon going to be stored there. Be forewarned, 'the cloud' will be used many times in the following article. If you aren't sure what 'the cloud' is yet exactly let me explain it to you simply. When we talk about 'the cloud' it really is just a collection of servers that store data somewhere that is not residing in your physical location. That's it. Nothing fancy floating up there in the sky, other than actual real clouds. The number of people entering information into the cloud increases each year by a fascinating amount. Everything we do might soon be stored in servers around the US or even other parts of the world. Some of our mobile devices already automatically sync our data to cloud services such as Apple's iCloud. Our PCs and documents are now also making the move to cloud services and why wouldn't they? It is an easy, no-hassle way to store our information safely and securely, or so we think.
We trust our personal and work data completely with companies providing these cloud solutions, but just how secure are these companies keeping our personal information? You've most likely heard of numerous security breaches with multiple companies which almost seems like a common occurrence. Data privacy legislation proceeds in a tempo that is unable to keep up with the speed of our technological process. You'll find it hard to get any universal rules or laws that could be applicable to any cloud services legally binding companies to uphold standards to protect us. So, what must we accept if we are going to store our data in the cloud?
1. Passwords can be hacked. This isn't something new that you've probably heard. Security professionals have long been shaking their proverbial finger at us for a long time. People who want to obtain our information will use a dictionary and brute force attacks to hack our passwords. You will have to think of a strong password that can easily beat these attacks but also keep you sane from having to remember a 25 character mess. (More on this below.)
2. Data can be captured en route. Fortunately, most cloud services encrypt data while it's going to and from their site, making it impossible to read even if someone were to obtain the files while in transit. Still, if you are using a cloud service in the web, make sure that you have "https" instead of "http" in front of the URL in your browsers address bar. Secure HTTP or HTTPS ensures you that the site you are currently using should be sending files...you guessed it, securely.
3. Data breaches can happen. The data breach at Target, resulting in the loss of personal and credit card information of up to 110 million individuals, was a recent theft that took place during the normal processing and storage of data. People can sometimes get access to data, and what we store in the cloud is susceptible to whatever security practices companies currently have in place.
4. Data loss can also happen. A data breach is the result of a malicious and probably intrusive action, and data loss may occur when disk drives die without the company having created a backup or having reliable redundancy. Small amounts of data were lost for some Amazon Web Service customers who suffered "a re-mirroring storm" due to human operator error in April 2011, showing that data loss could occur un-intentionally or intentionally in the event of a malicious attack.
5. Denial of Services can stop you from obtaining your data. The assault by hundreds of thousands or millions of automated requests for service has to be detected and screened out before it ties up operations, but attackers have improvised increasingly sophisticated and distributed ways of conducting the assault, making it harder to detect which parts of the incoming traffic are the bad traffic versus legitimate users. This leaves you without access to your data and sometimes they shut down the service for an unknown amount of time to fix the problem.
6. There could be malicious insiders. With the Edward Snowden case and NSA revelations in the headlines, malicious insiders might seem to be a common threat. If one exists inside a large cloud organization, the hazards are magnified. We must rely on the company to have practices in place to protect us, or have encrypted data to protect us from theft.
We can break these problems down into 3 simple questions. Is my data securely stored? Is my data safe from outside intruders/attacks, and also protected from other tenants in the cloud service? Is my data protected from the cloud provider themselves or government officials trying to collect corporate server data? These are very important questions to ask our providers. The real question is, how can we protect ourselves from what almost seems like an inevitable breach in our personal data we store in the cloud?
1. Read up about where you are storing your information. Every cloud provider has different guidelines and security about how they store your data. You wouldn't want your important or sensitive data stored in someone’s garage server would you? They should even state whether or not they comply with government gathering data. Most big companies are cracking down on security measures and offer many ways to protect you such as two-factor authentication. I always recommend the extra step in enabling two-factor authentication. It may seem like a hassle, but if security is important to you then this step is a must.
2. You need to get serious about passwords. Yes, yes, you've heard it one thousand-trillion-infinity times, but it's still a problem! The reason people lose sensitive and important data is almost always related in some way with weak passwords. Even worse, many people use the same password for multiple accounts making them even more vulnerable with cloud services. My favorite XKCD comic shows us how we've been creating our passwords all wrong. Creating a long password such as "correcthorsebatterystaple" is very easy to remember, but for a PC to guess it is very difficult. Obviously, simplicity is what we are going for, (Which is why most of us use the same "strong" password for many accounts.) so try to correlate your passwords with your service. You want to create a password in Google Drive cloud storage for your accounting documents? What about, "storagedocumentsaccountingworkgoogle." See? Easy as pie.
3. Encrypt your data before sending it to the cloud. Encryption is, so far, the best way we can protect our data. Encrypting our data before we send it to our cloud storage is often the safest solution in many of the cases we made above. This way if someone was to obtain the data they would not be able to read the contents.
4. Use an encrypted cloud service. This may not always be an option and there isn't many options as of late. The cloud provider in some way should provide local encryption and decryption of your files in addition to storing and backing them up. This means that the service takes care of both encrypting files on your computer and storing them safely in their cloud infrastructure. This way not only would intruders not have access to data, but also neither would the service providers or administrators.
The bottom line is we need to think about where we are storing our data and how comfortable we are with storing it in sometimes less than reputable places. Whether we like it or not data is slowly migrating to cloud infrastructure in many businesses, but we also have a choice to choose what we do to protect ourselves and our data.
Are you a candidate for cloud services? Are you currently using cloud services? How safe is your data? Contact NetWork Center, Inc. to talk to one of our engineers about your cloud services.