Cloud-based storage can introduce risks to
the important data you store there. Here’s how to secure the keys to that
virtual vault.
Cloud-based storage and synchronization
services, like Dropbox and Apple’s iCloud, offer convenience for those of us
who are on the go, have a Net connection, and need or want access to our data.
But they also introduce significant risks.
Cloud storage accounts typically rely on a
very weak link: a single password that prevents intruders from accessing your
account. If someone gets hold of your password (and thus of your account), your
personal data is there for the taking.
It doesn’t have to be that way – you can
own the keys to your virtual castle. Here’s what you should know about how
cloud storage services keep your data safe, and some ways to make sure that
your data doesn’t fall into the wrong hands.
How most current systems protect your data
Nearly all current Internet-based storage,
backup, and sync systems use encryption keys held by the service’s operator.
Without the key, a viewer can’t make sense of the data.
The password you set for a service that
handles all its own encryption either validates your identity or unlocks the
actual encryption key, which remains in the hands of the service operator and
is used solely on its servers.
If someone guesses, discovers, cracks, or
resets your password, your account will be compromised. No major cloud storage
or sync service uses two-factor authentication, requiring a password and
another authentication credential such as an electronic card that generates a
constantly changing second passcode, or an app that performs the same function.
Cloud services use various encryption keys
to scramble data in transit, and to protect all the data stored on their
servers. The data gets unencrypted at your end on your device.
The service must provide access to its
server software to handle all of the encryption and decryption as data moves
around. Further, some individuals in the company must have access to the keys,
whether to update them or to deal with a government subpoena. Firms may
routinely have third-party auditors and other experts come in and review their
security procedures, but you can take additional steps to ensure that only you
have access to data stored in the cloud.
Pick a provider that uses unique keys
You can use either of two effective
strategies to keep all the keys to yourself. The first is to pick a sync,
storage, or backup service that generates the encryption keys via software on
your computer or mobile device. The second is to use your own encryption
software.
SpiderOak (spideroak.com), which offers
backup, sync, storage, and file sharing, derives an encryption key from the
password you set. It uses your password to create a key that lives in the
SpiderOak app on your phone or computer; the key is then encrypted and stored
on the company’s servers.
SpiderOak offers a free account level that
includes all features and 2GB of storage. Paid accounts start at $10 per month
or $100 per year for each 100GB.
CrashPlan (crashplan.com), which focuses on
archiving and retrieving files, encrypts data before sending it. CrashPlan
offers three security options. The first works similarly to many other cloud
systems: The account password protects access to the encryption key stored in
CrashPlan’s systems, and you can reset it if you forget it. The second relies
on a private password; if you forget it, you can’t recover your data.
The third option permits you to set the
long encryption key itself and then secure it by your own means. Of course,
with this option, if you lose the key, your backed-up data is gone forever.
CrashPlan’s free iOS app for remotely
checking status and restoring files to an iOS device works smoothly with all
three password and key options.
CrashPlan has several plans for home users
and businesses. Home plans range from $2.50 per month for a maximum of 10GB
from a single machine to $12 per month for unlimited data from up to six
computers, with discounts for yearly and multiyear purchases. Business plans
start at $17.50 per month for 50GB of storage split among three PCs, and top out
at $22.50 per month for unlimited storage for three computers. Discounts apply
for higher numbers of computers and for yearly prepayment.
Jungle Disk (jungledisk.com; part of
Rackspace) generates a key from a password you set, encrypts that key, and
stores it (but not the password) on its servers. You can use Jungle Disk just
to back up data, but the service also works like a network-mounted remote
drive, encrypting and decrypting locally on the fly. Its free iOS app also allows
remote browsing and retrieval.
Jungle Disk starts at $2 per month for
personal accounts, and at $4 per month for business workgroups.
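The arrangement described above for SpiderOak and Jungle Disk (a key derived from your password on your own device, with only an encrypted key held by the provider) can be sketched as follows. This is an added illustration, not either company's code: PBKDF2, the iteration count, the record layout, and the HMAC-based wrapping (a standard-library stand-in for an authenticated cipher such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def _keys(password: str, salt: bytes):
    # Stretch the password into 64 bytes: one half encrypts, the other authenticates.
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return material[:32], material[32:]

def wrap_data_key(password: str, data_key: bytes) -> dict:
    """Runs on the client. Returns the record the provider would store."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    pad = hmac.new(enc_key, nonce, hashlib.sha256).digest()   # one-time pad for this nonce
    wrapped = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, nonce + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "wrapped": wrapped, "tag": tag}

def unwrap_data_key(password: str, record: dict) -> bytes:
    """Runs on the client. Raises ValueError on a wrong password or a modified record."""
    enc_key, mac_key = _keys(password, record["salt"])
    expected = hmac.new(mac_key, record["nonce"] + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or modified record")
    pad = hmac.new(enc_key, record["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(record["wrapped"], pad))

def demo():
    data_key = os.urandom(32)                    # random key that encrypts the files
    password = "correct horse battery"           # constructed sample password
    server_record = wrap_data_key(password, data_key)
    recovered = unwrap_data_key(password, server_record)
    try:
        unwrap_data_key("guess", server_record)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    # The provider's record never contains the data key or the password itself.
    leaked = data_key in server_record.values()
    return recovered == data_key, wrong_rejected, leaked

if __name__ == "__main__":
    print(demo())
```

The record holds no recoverable secret without the password, which is also why a forgotten password means the data cannot be restored.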
Use encryption software with any provider
The second alternative is to use software
that encrypts data into bundles that work as virtual disks that you can store
anywhere, including on sync and storage systems such as Dropbox. We’ll discuss
one option for this approach.
One warning: You can’t have the virtual
disks mounted or open in the software on multiple machines without causing sync
errors or file corruption. Make sure you unmount drives before moving from one
system to another.
BoxCryptor (boxcryptor.com) offers
encrypted archives that you can mount as a drive; they work in much the same
way as sparse-bundle disk images, but with the advantage of access via a free
app for iOS and Android. A free version limits use to a single mounted volume.
A $40 personal flavor can encrypt file names and create unlimited volumes, and
a $60 business version is available for licensing for commercial purposes.