A few weeks ago I wrote an article titled Best Free Storage Providers. Since then, many people have asked me, is it safe to use online or cloud storage providers? My answer is yes, as long as you use a reputable storage provider such those listed in my previous article. As a matter of fact, one of the providers that I listed, Symform, takes data security and integrity so seriously that it doesn’t even have access to your files. Your files are chopped up into as many as 64 slices, which are each individually encrypted with a different key. The files are then copied across 96 undisclosed locations and then rotated in a regular but undisclosed schedule. For those who want more specific details, click here to view their documentation. Compared to other providers, this pre-encryption scheme seems to be unique to Symform.
Other cloud storage providers do a good job of safeguarding your data during the file transmission process from your computer to their storage servers and then securing it once it is there. If you view the FAQ section of Dropbox, you will find the following:
“Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks.” This is an important statement to elaborate on given the nature of their service. The point of using cloud storage is so that you can access your files from several computers. The issue is that your files are not necessarily safe when you access those files on unsecured computers. Let’s look a few examples where this could present a problem.
You are on vacation and decide to use a public computer during your stay and want to get some work done. There are no restrictions on the computer and the guest account has administrator access. Because of this, you are able to install the application for Dropbox, Ubuntu One or Skydrive in order to access your files. You make sure you close the program once you are done using it and log off the computer. At some point when you are back home, you notice that the computer you used while on vacation is listed in your account settings and you remove it or de-authorize it. What you don’t realize is that the folder may still be on the computer you used while on vacation, and the folder was accessible to everyone else who logged into the computer during your stay. Since it’s not your computer, you probably cannot simply go over and delete the folder. At this point, you offer to buy the computer from the hotel staff citing sentimental value as a way to get your files back.
Your primary computer stops working, so you decide to borrow your son or daughter’s laptop until you can get yours fixed. You are happy that you have your files saved with cloud storage because you would have lost all your data when your computer stopped working. You decide to install the storage program on your kid’s computer so you can get some work done. One week later, you have your replacement computer and you make sure to remove the storage program along with your folder so that you don’t repeat the incident from your last vacation. A few weeks go by and you start to notice some strange activity on your financial accounts and an important company document that you were working on somehow leaked to the internet. After extensive research, you trace the problem to a music/file sharing program that was installed on your child’s computer. This program allowed others to download files from the laptop in any of the default file types, including your word document. At this point, you decide that you needed a new job anyway.
Although completely made up, these two scenarios can at least give you an idea of how your files can become less secure by viewing them on other computers. Although this may not be a big concern for home users, a typical service provider will have a disclosure that is similar to the one on the Dropbox website:
“Dropbox employees are prohibited from viewing the content of files you store in your Dropbox account, and are only permitted to view file metadata (e.g., file names and locations). Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that’s the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access except in these rare circumstances.”
Most companies that store your data will generally have statements similar to the one above. Moreover, it is a generally accepted fact of life that there are thousands of people in different government agencies and companies who have access to your sensitive information. So, what is the big deal with adding one more to the list? Again, for home users, this might not be a big deal. However, certain businesses may care very much for any number of reasons. Not to mention, why depending on trust, when you do not have to? The good news about storing data on cloud storage providers is that you can easily encrypt your data before it lands on their storage devices. Encryption technology is commonly found in many of the programs that you might already be using. For example, some common programs such as those found in Microsoft Office or Libre Office, have the option of encrypting your file(s) and locking them down with a password. You can also use a free, open source file compression program such as 7-Zip to not only reduce the size of your files, but to encrypt them as well. There is another open source program called TrueCrypt that provides encryption options that are more advanced than the other two.
The drawback of using some of these options is that they can make your files more cumbersome to work with. If you decide to add a password to your documents, then that is one extra step that you have to take each time you open the document. If you place your files in a password protected archive created by 7-zip, then you will have to add two extra steps for accessing your files. Enter your password, then extract the file. If you have any apps installed on your cellphone to view your online files, they might not be able to work with password protected or compressed files. Speaking of cellphone apps, they introduce another security issue altogether. By allowing a cellphone app to access your online storage account, you may be inadvertently granting full access to your entire folder to the app maker. For example, if you have a cool new picture taking program that you have installed and it automatically syncs the pictures to your online storage folder, you might think that it only has access to the picture folder. Instead, it may have access to the entire online storage folder, including any potential corporate documents that you have stored on your personal account. Anyone can create and publish an app for download. This includes reputable companies with privacy statements as well as independent developers who offer their apps with no warranty, stated or implied.
Since technology is always changing, some of the statements made here might no longer apply 4 years from now or even 2 weeks from now. For the most up to date information, always go directly to the manufacturer website to confirm any details that you find important. If you are evaluating storage providers for personal use and don’t want to read a bunch of documentation, consider making a friend in your company’s IT department. I’ve heard that candy is a good way to get techs to answer questions that might not be 100% work related, especially if their shift is over.
