The importance of secure cloud storage

Storing things locally on a smartphone, tablet, or computer hard drive can easily lead to your personal data being lost forever. Photos, songs, videos, text files - and other important data amassed over time - will all be lost if your hard drive becomes corrupt, or if your physical device is lost, stolen, or irreparably damaged.

A simple solution to this problem is to back up your data frequently to the cloud. Doing so provides a couple of advantages. Firstly, it means that your data is always available no matter where you are. Secondly, it means your files are safely squirreled away no matter what might happen to your device. 

However, as is always the case when storing data on Internet-connected servers, concerns exist over security and privacy. Backing up using cloud storage could allow your personal data to fall victim to hackers or government snoops. It is even possible that the firm that stores your data could access your data itself. In addition, your data could be intercepted while in transit.

As a result, using cloud storage could allow your sensitive personal data to be exposed or stolen. That is why it is important to know the difference between varying kinds of cloud storage, to ensure you get one that is actually secure.

Encrypted Cloud Storage

This kind of online storage provides encryption for the files that you store on its servers. All cloud storage companies, nowadays, provide this level of security. What’s more, the vast majority of the time the encryption levels advertised by these firms look good on paper (AES 256, etc).

However, with this kind of encrypted cloud storage, the key for your files is stored by the cloud firm on your behalf. This is usually done to give consumers the ability to recover their account if they happen to forget or lose their password. This is important for some consumers, because they fear the possibility of losing all of their files if they happen to forget their password.

While recoverability may be an issue for some people, the reality is that this kind of encryption is concerning in terms of privacy and security. This is because it relies on the key to your data being stored by a third party. As a result, your data could theoretically be accessed by someone other than you. For example, the firm could grant government workers access to your data. 

Another problem with this kind of cloud storage surrounds what happens when data is deleted or if an account is closed down. If your data is encrypted by the cloud storage firm on your behalf, it is possible that your data could be recovered at a later date. In fact, you must trust the firm to delete it at all, and this is by no means guaranteed. As a result, your data’s privacy could be at risk long into the future.

Another question surrounds what happens if a cloud storage company is sold or acquired. If that happens, your data’s privacy is not assured. Your data is freely available to the cloud storage company - and could theoretically be viewed by whoever takes over the company if there is a change in policy.

As you can see, it is important to remember that even if you have a password for your cloud storage - and the firm states that it is encrypting your data - this is not a guarantee that your data is secure. Unless you use secure cloud storage with end-to-end encryption (e2ee) - your data could be accessed by a third party or hacker. 

Secure cloud storage with end-to-end encryption

Secure cloud storage with e2ee is the natural solution to the problems mentioned above. Secure cloud storage encrypts your data in such a way that it is completely inaccessible to anyone but you. E2ee guarantees (if it is working as advertised - i.e., open source and audited) that the firm storing your data has zero knowledge of your data or the keys used to encrypt it.

E2ee is the only truly secure form of cloud storage because all stored data is encrypted by the user before it is transmitted via the internet to the cloud storage servers. This is the ideal solution for storing data on the cloud because it means that the service provider never sees anything but encrypted data. In addition, because your data is encrypted prior to being communicated across the internet, your data is never vulnerable to attacks while it is in transit (such as a man-in-the-middle attack).

What’s more, with e2ee you never need to worry about whether a firm has actually deleted your data if you close down your account. It is also of no concern if a cloud storage firm is sold, acquired, or infiltrated by a government agency. As long as the end-to-end encryption provided by the firm is strong - your data won’t be accessible to anyone but you (unless current encryption standards are somehow broken at some point in the distant future).
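The client-side flow described in this section, as an added example that is not from the original article: the key is derived from the password on the user's device, and the provider only ever receives salt, nonce, ciphertext and tag, so a forgotten password leaves nothing to recover. The HMAC-SHA256 counter-mode keystream is a standard-library stand-in for an audited AEAD such as AES-256-GCM; `Provider`, the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def derive_keys(password, salt):
    """Stretch the password into an encryption key and a MAC key, on the device."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key, nonce, data):
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter-mode keystream.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def client_encrypt(password, plaintext):
    """Runs on the user's device; the return value is all that gets uploaded."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(password, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def client_decrypt(password, blob):
    """Runs on the user's device; fails closed on a wrong password or altered blob."""
    if len(blob) < 64:
        raise ValueError("blob too short")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, ciphertext = body[:16], body[16:32], body[32:]
    enc_key, mac_key = derive_keys(password, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong password or tampered blob")
    return _xor_stream(enc_key, nonce, ciphertext)

class Provider:
    """Hypothetical storage firm: holds opaque blobs, never a password or key."""
    def __init__(self):
        self.blobs = {}

    def upload(self, name, blob):
        self.blobs[name] = blob

    def download(self, name):
        return self.blobs[name]
```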

Closed source VS Open source

When it comes to selecting a secure cloud storage provider with e2ee, it is also important to consider whether it is closed or open source. Closed source software is never recommended (especially for privacy services) because it is impossible to verify the claims made by the provider. 

Closed source software keeps the source code completely locked up. As a result, it can never be independently audited by security professionals. In relation to secure cloud storage, this means the service could be lying about the privacy and security levels provided. If a service is closed source - you have to take the service at its word - and it is possible that the client software could be transmitting your master key to a third party (completely destroying the e2ee security). 

Open source code works in the opposite manner. It is licensed in such a way that anybody can use the code. More importantly, the entire code base is made freely available to anybody who wants to access it. This allows security researchers to analyze and audit the code to ensure it doesn’t contain any errors, vulnerabilities, or deliberate backdoors.

Anybody who cares about secure cloud storage needs to consider carefully which service they opt for. To be truly secure, the service should provide strong e2ee. However, for that e2ee to be trustworthy - it must also run on open source apps that have been properly audited. 

Encryption in transit 

Cloud storage services tend to use the TLS protocol to protect your files from eavesdropping while they are in transit. TLS establishes a secure connection between you and the company’s servers by performing a handshake in which the two sides agree on a cipher, authenticate, and exchange keys.

Even if you opt for a service that encrypts your data on your behalf, TLS should (if done correctly) ensure that your data is secure as it passes from you to the company’s servers.

However, this is still nowhere near as secure as a service where you encrypt your data before sending it across. E2ee means that your data is already securely scrambled before it is transmitted using TLS. As a result, you do not need to worry about how well the service has implemented TLS.

If you opt to use a cloud storage service that encrypts data on your behalf, on the other hand, it is a good idea to check the service’s SSL/TLS encryption implementation by visiting Qualys SSL Labs. Any score below an A could mean your data is under threat of being hacked during transit. 

How online storage can help you

Using online storage allows you to free up space on your local hard drives. It also means that no matter what device you use - or where you happen to travel in the world - you will always have access to your files. As a result, you can watch your videos, listen to your music, or access work files on the go. 

Using secure online storage simply means that in addition to those benefits - your data is also kept private and secure. This is important because hacking and cyber-crime are extremely prolific.

Secure online storage also protects you against malware or ransomware attacks, by keeping your data securely stored in an online vault. When we browse the internet, opening emails, clicking on pop-ups, and opening attachments can all allow us to become infected with malware.

If you are unlucky enough to be hit with Ransomware, your entire hard drive or mobile device could end up completely locked. As a result, you will not be able to access your data without paying a ransom. 

By storing all your important data online, rather than locally, you will never have to fear your local drive being affected by a virus or ransomware. The same is true if a device becomes corrupt, broken, lost, or stolen; thanks to secure online storage you (and only you) will be able to access your data online.

Secure online storage - Conclusion 

If you want to back up your data online, it is much better to opt for secure online cloud storage with e2ee. Cloud storage in which you do not have absolute control over the encryption process is not good for privacy and security.

On the other hand, data held in any cloud storage with e2ee can never be recovered if you lose your password. This is because the cloud storage firm has zero knowledge of your master password and key. So, if you lose your password you will lose access to your files.

If this sounds too risky for you, you may prefer to opt for a more traditional encrypted cloud storage solution. The option is yours, and depending on your personal circumstances, this kind of storage may be suitable for your needs.

Despite this, here at ProPrivacy.com we recommend that before choosing a cloud storage service, you always make an effort to research exactly how your data will be stored, as well as the kind of protection the firm provides and whether it is closed or open source.

Written by: Ray Walsh

Digital privacy expert with 5 years experience testing and reviewing VPNs. He's been quoted in The Express, The Times, The Washington Post, The Register, CNET & many more. Ray is currently rated #4 VPN and #3 internet privacy authority by Agilience.com.
