5 Tips to Keep Your Data Secure on the Cloud
How can you be sure the information you store on the cloud is safe? The short answer is you can't. However, you can take some protective measures. Here are five data privacy protection tips to help you tackle the issue of cloud privacy.
The number of personal cloud users grows year after year and shows no signs of slowing. Gartner predicted in 2012 that by 2014, the entire shift from offline PC work to mostly on-cloud work would be complete. And it's already happening.
Today, we rarely send a large number of photos via email, and we no longer carry documents on USB flash drives. The cloud has evolved into a gathering place for people to meet and exchange information. Furthermore, it has evolved into a location where data is stored indefinitely.
We are becoming more and more confident in the cloud. Even our bank documents, ID scans, and confidential business papers have found a new home on the cloud. But how do you know your information is safe and secure out there?
For the time being, you cannot. Data privacy legislation moves at a reasonable pace, unable to keep up with the rate of technological advancement. Take a look at how different countries or regions handle legal issues concerning data privacy in the cloud.
There are few universal rules or laws that could apply to any user and any cloud service regardless of geographical boundaries or residence. Today's information privacy legislation consists of a wide range of declarations, proposals, and roadmaps, the majority of which are not legally binding.
Cloud Security Issues Span the Globe
The privacy of the information on the Internet is a problem for legislators all over the world. Several issues stymie the legislative process as a whole. The first is cross-border data flow. Some countries are successful in regulating the privacy of data stored on servers within their borders, but they usually avoid regulating transborder data flows.
The most popular data storage servers are located in the United States, but the people who use them come from all over the world, as does their data. It is unclear which country's laws govern data privacy as it travels from the sender to the server.
Another issue is determining who, and under what conditions, can obtain legal permission to access data stored in the cloud. Users believe that their information is confidential and safe because it belongs to them and is their property. However, they frequently forget that the space in which they store it (namely, the Internet) is not theirs, and it operates according to its own set of rules (or no rules). As a result, you may still be required to turn over your data if state authorities request it.
But even if the law is applicable to your situation and on your side, you don't want to waste time and effort later in court proving how correct you are, do you? So, with all of that legal ambiguity, you simply have no choice but to take control and be accountable for your own data.
Here are five data privacy protection tips to help you tackle the issue of cloud privacy:
1. Avoid storing sensitive information in the cloud.
Many recommendations on the Internet sound like this: "Don't store your data in the cloud." That's true, but it's the same as asking, "How do I avoid having my house burned down?" and getting the answer, "Don't have a house." The logic is sound, but "avoid storing sensitive information in the cloud" is a better translation. So, if you have a choice, keep your critical information away from the virtual world or use appropriate solutions.
2. Read the user agreement to find out how your cloud service storage works.
If you are unsure about which cloud storage service to use or have any questions about how that or another cloud service works, you can read the user agreement of the service you intend to sign up for. There is no doubt that it is difficult and boring, but you must face those text volumes. The document that has traditionally received insufficient attention may contain important information that you are looking for.
3. Be serious about passwords.
You've likely heard this warning a hundred times, but most people ignore it. Did you know that 90% of all passwords can be cracked in under a minute? Indeed, an easy-to-create-and-remember password is to blame for a large portion of all the sad stories about someone's account being compromised. Furthermore, doubling your email password for other services you use (such as your Facebook account or cloud storage account) is a real trap because all of your login information and forgotten passwords are always delivered to your email.
Here is an efficient method of creating a secure password:
Choose a random word (preferably a long one) -- for example, "communication."
Now let's say you are signing up for Gmail. What you should do is add a "Gmail" word to the word you have chosen. Thus your password for Gmail will be "communicationGmail." If you sign up for Skype, your password will be "communicationSkype", for example.
As a result, you only need to remember your "core" word and the structure of your password. To make it even more powerful, add a number before the name of the service, such as your birth date. In that case, your password will be something like "communication12111975Skype," and so on.
You can devise any other method of remembering your passwords that appeals to you. But the main point remains the same: such a method is extremely simple and effective.
Encryption is currently the best way to protect your data. In general, encryption works as follows: you have a file you want to move to the cloud, you use software to create a password for that file, you move that password-protected file to the cloud, and no one can ever see the file's content unless they know the password.
The simplest and most convenient method is to zip files and encrypt them with a password. To that end, B1 Free Archiver, a free multiplatform compression tool, can be used. When creating the archive, check the "Protect with a password" box, type in the password (remembering the third rule), and only then can you move it to the cloud. If you want to share it with someone, simply give them the password. It should be noted that B1 Free Archiver zips files only in B1 format which makes the overall protection of your info more reliable.
Even though B1 Free Archiver is the only software that can open B1 files, you won't be able to open any B1 archive, even if it isn't password-protected, without it. B1 encrypted archives appear to be safer and more secure than standard zip files.
If you have more time and energy, or if you want to provide even more protection for your files, you can use TrueCrypt encryption software. It's an open-source encryption program that allows you to create an encrypted file (the so-called "virtual disk") and keep all of your private files password-protected.
TrueCrypt is a little more difficult to use than B1 Free Archiver, but it provides a wider range of encryption algorithms (in addition to AES, it also offers Serpent, Twofish, and others), some of which provide a higher level of reliability. However, it does have some drawbacks as compared to encrypted zip files.
In TrueCrypt you preset a precise volume of your encrypted file from the very beginning so a lot of space may be wasted before you fill it with data. The size of an encrypted zip file depends only on the data volume contained in it.
5. Use an encrypted cloud service.
Some cloud services, in addition to storage and backup, offer local encryption and decryption of your files. It means that the service handles both encrypting your files on your own computer and safely storing them in the cloud. As a result, there is a greater chance that no one, including service providers or server administrators, will have access to your files this time (the so-called "zero-knowledge" privacy). Spideroak and Wuala are two examples of such services.
When deciding how to best protect your information, consider how valuable it is to you and how far it is reasonable to go to protect it. As a result, the first thing you should do is define the level of privacy you require, as well as the level of protection you require. Even a two-step verification involving SMS with a code sent to your mobile phone may seem cumbersome if you do not actively use the Internet for work, though most people who use email for sending business data appreciate this option.
Not everyone is willing to pay for data storage, but if you use cloud storage for corporate data storage, you'll find that paying for safe and secure data storage is reasonable. So try to strike a delicate balance between the level of protection required and the time/effort/money spent on it.