Why You Need To Protect Your Data In The Cloud
Several events recently have shown some of the weaknesses, or dangers, of cloud based hosting, and the need for information and guides to aid users in protecting their data in the cloud.
To keep it simple: The cloud in the context of this article refers to all remote storage locations that you do not have full control over. This includes your Dropbox account, your videos on YouTube or the data that you upload to Facebook.
About those events: Dropbox was in the news lately; The cloud storage hosting and synchronization service recently changed their terms of service to better reflect that they decrypt user data stored on Dropbox to comply with valid legal process and U.S. law. This currently affects about one user per month on Dropbox. Dropbox uses strong AES encryption automatically to encrypt all data transfers and data on their servers.
Dropbox came under fire earlier this month when a security researcher found out that Dropbox's local authentication file was not linked to a specific system. Attackers could use the file on other compatible devices to sync all data from a Dropbox account without authenticating. What made matters worse was the fact that the access was not listed in Dropbox's access history, and that changing the password did not invalidate that file.
And then there was Google who announced that they would close down Google Video for good. Users were given time to download their uploaded videos from the service for a period of about four weeks. After that, the videos and all stored information would be no longer available on the Internet.
These unrelated events outline two major cloud hosting dangers: Data availability and security.
Who would have thought that Google Video would be discontinued one day? Sure, it became pretty obvious after the purchase of YouTube, but before that? Closing down a service is an extreme but it happens frequently. You see services going down for a limited period of time more often than that. It recently hit Amazon's cloud storage service which caused service disruptions for popular destinations such as Foursquare or Quora.
You may still believe that sites like Facebook will be there forever. Look at MySpace for instance to see that the logic is flawed. The site is still there but what was once the most popular social networking site on the Internet is now fighting for survival. If it goes down, so will data of all of its users.
Your consequence should be obvious: Keep a local copy of data that you hold dear. You can use backup software to store the data in save locations locally, for instance on DVD or an external hard drive.
Businesses should keep local copies as well, considering that a service disruption might otherwise cut them off from data that they need to run the business. So, instead of relying solely on cloud storage to store contact information, important documents or applications, they need to make those available locally as well to be prepared when the cloud service goes temporarily or permanently down.
- Local Backups and copies of data
- Regular backups or synchronization of data
Data security is the second big issue that you need to address to protect your data in the cloud. Some users say, you should not upload anything to the cloud that needs to be kept secure and protected from third party access. While that's a sound advice, it is not always as easy as that.
The next best thing is to make sure your data is properly encrypted. That's on the other hand not possible in all scenarios. Sure, you can encrypt your data before you upload it to a storage solution like Dropbox or Microsoft's SkyDrive. But you cannot encrypt videos that you upload to Youtube, or text that you publish on your Facebook wall.
You need to follow two different approaches when it comes to securing your data in the cloud. You encrypt what you can, usually files that you have direct access to. I suggest True Crypt for the job but you can use other encryption software as long as it is updated regularly.
I'm going to write a separate article on encrypting Dropbox data with True Crypt.
You need to evaluate data that you post in semi-public or public places, and data that you do not have direct control of once you have uploaded it to the cloud. This includes Youtube videos, wall posts on Facebook, a comment on a third party site or showing everyone your favorite artists on Last.fm.
You may have control over deletion on some services, but that does not mean that the data is gone for good. Someone may have read and liked your Facebook wall post or someone may have downloaded your Youtube video and published it on another video hosting site. You lose full control over your data as soon as you upload it to a semi-public or public place on the Internet.
There is not really a lot you can do once you have uploaded the data. Some services charge a premium to get data removed from the Internet, but even they cannot guarantee that every last bit gets removed.
- Encrypting data whenever possible
- Evaluate data before you post it online
Hosting data in the cloud can be very beneficial for individuals and businesses alike. The benefits have however overshadowed some of the dangers of storing data online. The dangers become more present as more and more people and organizations move to the cloud, and with news that put the focus on those dangers.
I do not understand the move to cloud computing. Only a few things can go wrong on my system, most of them brought about by my own actions. Many things can go wrong in the cloud and, unlike it was originally thought, maintenance is required. Terms of service can change at any moment. Websites can go down or disappear altogether, what is free today will be a subscription tomorrow, unwanted changes to online software can’t be avoided, and if privacy is wanted, good luck with that.
I’m called names (sometimes ugly ones) because I like applications on my computer where no one can make changes to them but me, my files in the folders I’ve chosen for them, and my backups on a drive that sits on my desk. Even my email is delivered to my hard drive. I can’t get over the idea that the internet is for research and a little playtime. You could shut it down today and my programs and files would keep right on running. I can count on it being there in the morning too, just like I left it, no ugly changes made while I had my back turned. :)
I agree with you! I treat my information and computer like a child, I nurture and take care of it, raise him the way I want. I wouldn’t let my child to be taken care of by people who I don’t know, just like my data. Would you let your child be raised and taken care of without your input on how you would like it to happen? Could you imagine the babysitter setting the Terms of Service ….