Control The Keys To Your Cloud Vault

11/9/2012 9:12:04 AM

Cloud-based storage can introduce risks to the important data you store there. Here’s how to secure the keys to that virtual vault.

Cloud-based storage and synchronization services, like Dropbox and Apple’s iCloud, offer convenience for those of us who are on the go, have a Net connection, and need or want access to our data. But they also introduce significant risks.

Cloud storage accounts typically rely on a very weak link: a single password that prevents intruders from accessing your account. If someone gets hold of your password (and thus of your account), your personal data is there for the taking.

It doesn’t have to be that way – you can own the keys to your virtual castle. Here’s what you should know about how cloud storage services keep your data safe, and some ways to make sure that your data doesn’t fall into the wrong hands.

How most current systems protect your data

Nearly all current Internet-based storage, backup, and sync systems use encryption keys held by the service’s operator. Without the key, a viewer can’t make sense of the data.

The password you set for a service that handles all its own encryption either validates your identity or unlocks the actual encryption key, which remains in the hands of the service operator and is used solely on its servers.

If someone guesses, discovers, cracks, or resets your password, your account will be compromised. No major cloud storage or sync service uses two-factor authentication, requiring a password and another authentication credential such as an electronic card that generates a constantly changing second passcode, or an app that performs the same function.

Cloud services use various encryption keys to scramble data in transit, and to protect all the data stored on their servers. The data gets decrypted at your end on your device.

The service must provide access to its server software to handle all of the encryption and decryption as data moves around. Further, some individuals in the company must have access to the keys, whether to update them or to deal with a government subpoena. Firms may routinely have third-party auditors and other experts come in and review their security procedures, but you can take additional steps to ensure that only you have access to data stored in the cloud.

Pick a provider that uses unique keys

You can use either of two effective strategies to keep all the keys to yourself. The first is to pick a sync, storage, or backup service that generates the encryption keys via software on your computer or mobile device. The second is to use your own encryption software.

SpiderOak (spideroak.com), which offers backup, sync, storage, and file sharing, derives an encryption key from the password you set. It uses your password to create a key that lives in the SpiderOak app on your phone or computer; the key is then encrypted and stored on the company’s servers.

SpiderOak offers a free account level that includes all features and 2GB of storage. Paid accounts start at $10 per month or $100 per year for each 100GB.

CrashPlan (crashplan.com), which focuses on archiving and retrieving files, encrypts data before sending it. CrashPlan offers three security options. The first works similarly to many other cloud systems: The account password protects access to the encryption key stored in CrashPlan’s systems, and you can reset it if you forget it. The second relies on a private password; if you forget it, you can’t recover your data.

The third option permits you to set the long encryption key itself and then secure it by your own means. Of course, with this option, if you lose the key, your backed-up data is gone forever.

CrashPlan’s free iOS app for remotely checking status and restoring files to an iOS device works smoothly with all three password and key options.

CrashPlan has several plans for home users and businesses. Home plans range from $2.50 per month for a maximum of 10GB from a single machine to $12 per month for unlimited data from up to six computers, with discounts for yearly and multiyear purchases. Business plans start at $17.50 per month for 50GB of storage split among three PCs, and top out at $22.50 per month for unlimited storage for three computers. Discounts apply for higher numbers of computers and for yearly prepayment.

Jungle Disk (jungledisk.com; part of Rackspace) generates a key from a password you set, encrypts that key, and stores it (but not the password) on its servers. You can use Jungle Disk just to back up data, but the service also works like a network-mounted remote drive, encrypting and decrypting locally on the fly. Its free iOS app also allows remote browsing and retrieval.

Jungle Disk starts at $2 per month for personal accounts, and at $4 per month for business workgroups.
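The pattern these providers describe (a key derived from your password on your own device, with only an encrypted key stored on the server) can be sketched as follows. This is an added example, not code from the article or from any of the services named; the function names, iteration count, and record layout are assumptions, and the XOR mask plus HMAC stands in for an authenticated key-wrap cipher such as AES, which Python's standard library lacks.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor; the article gives no figure

def derive_kek(password: str, salt: bytes) -> bytes:
    # 64 bytes: the first 32 mask the data key, the last 32 authenticate the record
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def wrap_data_key(password: str, data_key: bytes) -> dict:
    """Client side: build the record that is safe to upload to the provider."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so the mask is never reused
    kek = derive_kek(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, kek[:32]))
    tag = hmac.new(kek[32:], salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_data_key(password: str, record: dict) -> bytes:
    """Client side: recover the data key; fails without the right password."""
    kek = derive_kek(password, record["salt"])
    expected = hmac.new(kek[32:], record["salt"] + record["wrapped"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered record")
    return bytes(a ^ b for a, b in zip(record["wrapped"], kek[:32]))

if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # constructed sample key
    record = wrap_data_key("a long private passphrase", data_key)
    assert unwrap_data_key("a long private passphrase", record) == data_key
    try:
        unwrap_data_key("guess", record)  # what the provider could attempt
    except ValueError as err:
        print("guess rejected:", err)
```

Because the password never leaves the device, the uploaded record is useless to the operator on its own, and a forgotten password leaves it undecryptable, which is the trade-off described for CrashPlan's private-password option.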

Use encryption software with any provider

The second alternative is to use software that encrypts data into bundles that work as virtual disks that you can store anywhere, including on sync and storage systems such as Dropbox. We’ll discuss one option for this approach.

One warning: You can’t have the virtual disks mounted or open in the software on multiple machines without causing sync errors or file corruption. Make sure you unmount drives before moving from one system to another.

BoxCryptor (boxcryptor.com) offers encrypted archives that you can mount as a drive; they work in much the same way as sparse-bundle disk images, but with the advantage of access via a free app for iOS and Android. A free version limits use to a single mounted volume. A $40 personal flavor can encrypt file names and create unlimited volumes, and a $60 business version is available for licensing for commercial purposes.

