It’s as safe as you want it to be if you use it properly.
One of the comments I received on my article on lessons learned from a fairly public online hacking was very concise:
“That’s why the cloud is dangerous.”
I think a lot of people feel that to varying degrees.
I strongly disagree. Using the cloud can absolutely be safe.
I also think that believing the cloud is dangerous prevents you from taking advantage of the things it can do for you — things like protecting your data.
It also misses the point that there are a number of things you’re already doing “in the cloud” safely, and have been for years.
Safety in the cloud
The so-called “cloud” is new in name only; we’ve all been using online services for decades. They’re no more dangerous now than they were then, and quite likely less so. The only new thing is the number of services available. If we take responsibility for our own security, using the cloud — aka online services — can be safe and enrich our lives along the way.
What is the cloud?
I have to start by throwing away this silly term “the cloud.” It’s nothing more than a fancy marketing term. Ultimately, it has no real meaning.
The cloud is nothing more than services provided online over the internet.
Seriously, that’s all it is.
Another way I saw it recently was this: “‘The cloud’ is simply using someone else’s computer.”
Be it services that provide a place to store your data, enable you to communicate with others, provide applications, sell you things, or answer your technical questions, it’s all happening in the cloud.
And that’s nothing new.
The cloud is new in name only
You’ve probably been using online services long before anyone thought to slap the name cloud on ’em.
- Do you have an online email account like Outlook.com or Gmail? You’re keeping your email in the cloud.
- Do you use any kind of email? It gets from point “A” to point “B” through the cloud.
- Do you upload pictures to a photo-sharing site like Flickr, Google Photos, or Photobucket? That’s the cloud.
- Do you use any social media? Yup, they’re in the cloud too.
- Do you use an online backup service? You’ve been backing up to the cloud.
Hopefully, you get the idea.
I really want to drive home the point that this thing people are calling the cloud is nothing new. You’ve been using it already, probably for years, before that silly name was attached to it.
So let’s jettison the name and all the baggage that comes with it, and call this what it really is: online services.
OK, fine. But is the cloud dangerous?
No more so now than it’s ever been.
In fact, I’ll claim that the average online service has become safer as service providers have learned from mistakes and implemented industry best practices.
If anything has changed at all, it’s the breadth of available online services and the number of people using them.
The fact is that any tool, when misused, can be dangerous.
For example, placing sensitive information in your online email account (and only your online email account), and then not using proper security on that account, is absolutely dangerous, and always has been. It’s not that online email accounts are dangerous. The danger arises from using them improperly.
The same is true for any online service, be it those generating the latest buzz or those you’ve used for years.
We’re all at the mercy of service providers
At this point, many folks point out that security breaches are often the fault of, or related to, a problem at the provider of the service in question.
Many are, it’s true.
But you know what? That’s not new, either.
As long as there have been service providers, there have been mistakes, breaches, and policy screw-ups at service providers.
I’m not (not! not! not!) trying to excuse service providers for making mistakes or screwing up. Every fiber of their corporate being should work to prevent security-related errors and mitigate the impacts when they occur.
But the reality we have to accept is that ultimately, service providers are staffed by humans, and humans make mistakes. Saying mistakes should never happen is unrealistic.
And it’s extremely poor security planning.
Besides, when it comes to security issues, we are most often our own worst enemies.
No one can protect you from you
Let’s go back to the Mat Honan hack for a moment, which is where that “the cloud is dangerous” comment originated.
Mat didn’t lose his data because of the breaches he experienced.
Mat didn’t lose his data because of problems with the online services (though there definitely were issues).
He lost his data because he wasn’t backed up. Even if he had not been hacked, he was at high risk of losing everything anyway, had he lost his laptop or experienced a simple hard-disk failure.
Had he been backing up his data, I’m betting there wouldn’t even have been a news story.
On top of that, the hack reached as many of his accounts as it did because he had linked all of his accounts together. Mat helped the hackers get to his accounts.
No, the lesson here isn’t that online services are dangerous. The lesson here is that we have to assume responsibility for our own safety.
And I’ll say it once again: this is not new.
How to use online services safely
Using online services safely really boils down to not much more than the guidelines we’ve all heard before.
All, of course, augmented by a dose of common sense.
- Back up. If it’s only in one place, it’s not backed up.
- Use strong passwords and set up and keep all account recovery information current. Use extra security, such as two-factor authentication, where supported.
- Encrypt sensitive data stored online.
- Understand the security ramifications of using someone else’s computer, or someone else using yours.
- Understand how to use internet connections provided by others securely, especially open Wi-Fi hotspots.
- Don’t link your important accounts together in such a way that breaching one opens the door to all; use different passwords (and perhaps even unique email addresses) for each.
- Keep your software up to date, scan for malware, and all the other actions commonly listed to keep your computer safe on the internet.
Only the part about possibly using different email addresses for different accounts is relatively new. Everything else should sound really, really familiar.
It really can be safe
To be clear, there’s no such thing as perfect security, and that’s true whether you keep your information securely locked away only on your own computer in your bedroom, or if you store it in the cloud. There’s always something that can go wrong.
By following basic security guidelines, there’s no reason that most of the popular online services can’t be used safely.
Used properly, they can even add security by providing things like additional backups, throw-away email accounts, data replication, and more.
You do have to assume responsibility for your own security, and that includes taking reasonable precautions to prevent problems and additional steps to minimize the impact should an issue arise.
Yes, you can avoid online services altogether (remember, that means walking away from email as well), but you’d miss out on so many of the opportunities the internet has to offer.
Rather than asking “Is the cloud dangerous?”, learn to use it safely. I believe that in the long run, you’ll be much better off for it.
I know I am.
Mat Honan, the victim of that public hacking I mentioned at the beginning, published an update detailing how he’s recovered from his hacking.
One quote struck me: “I’m a bigger believer in cloud services than ever before.”
This is the gentleman whose experience started this very discussion. While others are quick to blame the cloud, after all is said and done, he’s not one of them.
Neither am I.
Find his story at Mat Honan: How I Resurrected My Digital Life After an Epic Hacking.
47 comments on “Is Using the Cloud Safe?”
My only problem with the ‘cloud’ is that more and more things are getting pushed there.
Companies assume that every person has constant unlimited access to the internet, which I don’t.
I have to check every piece of software I buy, twice, AND ask an assistant (because I have been caught out before) just to make sure I can use it offline.
Even trying to look at the manual for my current mouse results in a ‘not connected’ message if my modem isn’t on.
The ‘cloud’ is fine, for those who want to use it. I just wish the rest of us were not being forced to.
Thanks Leo, this was quite an interesting article as I always thought the cloud is dangerous, unsafe and so on, not getting really the point that it’s nothing more than online storage, services etc.
BTW, I’m getting your newsletter, but you’re putting together so much information that I just don’t have the time to read them all, but that bit I’m reading is really interesting, informational and helpful. Thank you.
The only issue I see with the cloud, if you store your data and the site is hacked the data breach is massive … as opposed to on site storage where you have to be individually hacked as opposed to hacked in mass … On site you have to be individually targeted.
I’ll let you come up with your own personally relevant scenarios where the following word might give pause to the use of the Cloud;
Everything in one place and the attorneys probably don’t even need a search warrant.
I have a huge amount of respect for Mr. Leo Notenboom and he is a great writer but I totally disagree with his opinion on this subject. In this article he didn’t mention the most important thing – our own privacy. As Leo once stated and I quote “I would like my articles to stay here, on this website” I would also like that all of my documents and everything else to stay here on my computer. I don’t want a government or a cracker to access them someday and use them against me. I am not a criminal, just a regular, experienced user but I don’t like the idea of having “everything” located in the cloud – it’s not a safe approach. Just my 2 cents.
I mostly agree with you but I have a suspicion that there is one way that “cloud” storage may be potentially less safe than offline on-premises backup. Your data, by itself has a certain value (call it “V”) to data thieves. If it’s alone, then a thief gets V value from hacking your computer(s) at your home or office. If you have halfway decent security it’s probably more trouble than it’s worth for a thief to get at it.
Now put your data (worth V) in “the cloud” with a few million other people’s and corporations’ data. (If you’re just an ordinary Joe who has your photos, your love letters and your tax returns stored, your V isn’t going to be all that big. But maybe there are guys working on patentable ideas, there are definitely corporations with all their DBs etc. Their Vs are bigger than yours, some a lot bigger.) If the same thief manages to get into that huge pile of data, he gets several million times V of data. IMHO, this makes big data heists in the cloud more attractive to attempt. And your data security is breached, in effect, as collateral damage. They may not be interested in your stuff, but they have it and who knows where it might eventually wind up.
Have a nice day.
I feel compelled to respond to the article again!
Mat Honan might have written his story as a wake-up call to the average user who thinks only big companies get hacked. Let’s get our heads out of the sand and examine our own personal online security! Kudos to Mat Honan!
Leo, your article is not balanced, may I offer another angle? Despite your valuable comments about encryption etc., you are ultimately relying on the “flock principle” – among so many of us, why would a malefactor choose me? The trouble is, despite the improvements in security, the potential rewards for the baddies will ensure that they become more accomplished also, and by using internet services (I’ll avoid using the other word!) we do entrust an awful lot to organisations that must have their fair share of bad apples. If you accept this but still want to use e-mail you have to acknowledge the potential visibility of what you send and receive, so just be circumspect about what you send. Use Picasa only if you don’t mind people you didn’t invite looking at your photos. Online backup? No way, unless you have nothing to lose from unauthorised access. Backing up will ensure you keep your data but won’t stop others from keeping it too. Every code can be cracked (witness your new advice about using multiple e-mail addresses) and in twenty years’ time we’ll be asking how we allowed it to happen!
Agree with most of what you said but one thing I can’t understand.
Why would anyone store their data online at some undefined site run by some unknown agency these days?
Large hard drives are a dime a dozen, well almost, I use two for backup simultaneously, and store them at different locations.
Why trust someone else?
Large hard drives are great, but they don’t solve all the problems that many of these online services get you. Having a large hard drive doesn’t get you email, for example. Nor does it allow you to share pictures with your family elsewhere. Nor does it transparently keep several machines’ data in sync. There’s much much more to online services than just storage. Whether what they provide is worth it is only something you can determine.
Mark is right. I have my laptop and desktop backed up onto two portable hard drives via Macrium Reflect (thank you, Leo), one of which I bring to work with me. I back up once a month (I don’t have many changes to my data, usually just some additional music and photos) so bringing the second drive to and from my office isn’t a difficulty. I’m not interested in backing up my machines to an online facility. As others have noted, what happens if you can’t GET online after your machine has failed?
The cloud is useful for backup only in addition to a system image backup. It protects you in case your local backup is lost.
“But we’re at the mercy of service providers”:
You said it Leo!
I recently got a customer back onto storing and backing up his email onto his own media, after he lost vitally important financial documents on THE CLOUD.
His live mail account discovered an “issue” with his password – He soon found he could no longer log on to his account, after a month of phone calls and business losses, the call centre guru glibly apologized and said “Mr. xx do not worry, I have emailed you a new password.” That is when he saw the light and phoned me, now all his data is stored locally, (he no longer uses live mail) with correct back up procedure. I will never trust my data on the cloud.
I am grateful for your article. It is exactly what I have been waiting for in order to get my nerve up to begin enjoying the benefits of “the cloud”. I am still “not quite convinced yet” as I recently lost many years of valuable family records/pics/vids that I BACKED UP (as you mention above) on a popular external drive that “went out”; and, in order to retrieve all my records, if it is at all possible, I must pay an exorbitant amt of money. The drive shows no files at all on it? So, I wonder how I can trust backing up again if this happened? Thx for your valuable education & God Bless…
The whole Mat Honan tale did set off one alarm for me. I back up to an external drive with Macrium, as you suggested. I have that drive connected to my computer. If I was hacked the hacker could wipe out the external drive too.
Should I disconnect this drive except when backing up?
If your photos are only in one place, e.g., only your external drive, they aren’t backed up. Backup means have your data in two or more places, preferably more. In that case backing up on the cloud would be a good third place for your data. In my case, I do a nightly incremental backup and use a OneDrive folder as my working directory. That way my indispensable files are in 4 places. My main computer, the backup drive, OneDrive and the OneDrive files are synced to my other 4 computers.
Unplugging your backup drive is a good idea to prevent that kind of thing from happening. It is also an extra line of defense against it being affected by a virus.
@bill there is one more better reason for completely UNPLUGGING (power and USB), not just turning the power off on your external drive. That is lightning. If you, like many (most?) people, do not have adequate line protection, your computer and even attached devices could be fried by an electrical surge.
But what’s even worse, is that this charge can come in through your Internet connection as well as your electrical connection. If your USB electronics happen to be “close enough” to the power supply OR network connection hardware inside the computer a charge could jump to the USB and fry attached USB devices too.
Leo: I’m surprised you haven’t taken the next obvious step. Connect the very valid points you made about the cloud to Windows 8 and Office 2013. By default, both of them are being presented in HIGHLY “cloud-i-fied” versions. For example, unless you know where to look, the Office 2013 “Preview” (BETA, but that is a separate RANT) is “only” offered in the Office 365 online, “cloud” version. (that rant ignores the valid benefit of installing BETA software in a virtual environment) It defaults to storing your information in the cloud. And that is the way MS is going to be selling it going forward. Same with Win8. MS really pushes you to provide an “email” address to link to, and encourages you to link all of your email addresses to their service.
You also don’t mention the “EULA”s that these various cloud providers work under. Most of the time they basically say, “put your info here and take your chances, we guarantee nothing”. And if you look at the stats, most of these cloud providers will gladly provide your info “to the authorities” without a question or proper legal authorization.
As well, often the EULA gives them access to your content to varying degrees. Many of them use automated systems to scan your data to provide “relevant” advertising. And they’ll say that people don’t have access to it. But how can you know for sure? And even if they are acting in good faith, a “rogue” employee may “game” the system to access your data. For example in 2010 hundreds of cars were disabled by a disgruntled employee. A Texas car dealer had GPS and Kill switches attached to cars they financed to “high risk borrowers”. The kill switch was intended for deadbeats who stopped paying, but a fired employee knew the password to the system and disabled all of their cars. That was in a SMALL company. How many people at MS or Google really do have access to your data … “administrators”, DBA’s, encryption “experts”, managers(?) … ?
What do you really know about other “known” cloud file share sites like “Dropbox” or “Box.net” or “FileSavr” etc. How many employees? Where are they located?
I also wish you had put more emphasis on encrypting data BEFORE storing it in the cloud. AND not relying on the service provider’s encryption. If the data you are saving is at all sensitive you should only rely on the highest level of encryption you can get. The thing is, we are reaching a point where the amount and quality of decryption tools is available to hackers. If they own or have access to a hacked network of thousands, 10’s or even hundreds of thousands hacked computers that is a lot of power to throw at decrypting your data, like passwords. So, the “safe” level of encryption is constantly creeping upwards. Encryption that was safe for “100’s of years” just a short while ago can now be cheaply hacked in minutes, hours or days by using new hacking algorithms and hardware like “GPU” hacking tools.
It may sound paranoid, but even the paranoid really do have enemies. In this computerized age we have to be smart shoppers. We just haven’t learned all of the ways we can be burned and who may be “attacking” us because the cloud is so new.
I’ve been backing up for years and here is my plan. What do you think?
1. I use an online storage service called SpiderOak. It backs up my data every 15 minutes. I’m a freelance writer and the only thing I might lose are the last 15 minutes of work in a drive failure or similar event.
2. This same service synchronizes my desktop to my laptop after completing the backup. This synchronization and the backup are completed whether I am in the office or on the road. For example, I was in Indiana last week and all the work done on my laptop was placed on my desktop during the synch, 700 miles away.
3. I perform nightly incremental backups on my desktop PC every night, including a system image.
4. Every site or account gets a different password, generated by a password generator program. I always generate at close to the upper limit the site will allow.
Your process is great, from a backup perspective. My only comment/concern is about your laptop files. Portable devices in general can be lost or stolen. Once in the hands of another, any *unencrypted* data on the device is easily accessible. Sounds like I would have ALL your data if I stole your laptop. It takes a little work to set up, but it’s worth encrypting the data on your laptop. See Leo’s article: http://ask-leo.com/how_can_i_keep_data_on_my_laptop_secure.html
The Cloud (online services) can be dangerous. So is driving a car. Driving is made safer by a variety of safety devices such as seat belts, air bags, ABS and above all careful driving and common sense. Using online services is made safer by the things mentioned in the article and above all careful driving and above all, common sense.
I held a Security Clearance in the Military. There is something called a chain of custody and if that is broken then you can assume that the Classified information has been compromised. I have yet to see any qualification for the next chain of custody for anything that leaves my computer. Impressive sounding technical phrases in marketing material do not qualify.
To me, the now unsupported TrueCrypt had no qualification either. There are security audits of TrueCrypt but then again you have to look at the audits in the light of a custody chain and accountability.
The Health Insurance Portability and Accountability Act of 1996 or HIPAA is the only certification that can be trusted because a security breach would be investigated for criminal penalties by the US Government.
Cloud services have only their established Good Will in the market place. There is no real oversight. Read the service’s Terms of Service and Privacy Disclosure that are able to change without any notice to you.
If you create valuable original proprietary data or business records then you do not want to just put your data on someone’s server that is only qualified by marketing phrases and goodwill.
There is logical thinking in the science of security and terms like “good enough” or “you are just not interesting enough” are emotional terms that carry no scientific weight.
Is the Cloud dangerous? No. But it will accelerate the effects of your decisions, good or bad.
“Back up. If it’s only in one place, it’s not backed up.” is a good argument in favor of the cloud. You may have a good local backup in place, but a fire or a robbery can destroy all that. An additional backup on the web can save your backside.
It seems the height of irresponsibility for Australia to have passports in the Cloud instead of actual documents. Only a trial thus far, but surely we’ve seen enough of very big hacks to know what a risk it is!
Hi Leo, and thank you as always for your outstanding contributions to all of us who use computers without being technical wizards. After using Windows since version 3.1 before the internet even existed, I have recently acquired a little Chromebook. I love using it, and I am blessed with excellent internet where I live. I have always been a backup maniac, with a local external hdd and Backblaze for good measure. Naturally I am using Google Drive with its web apps, and I am worried that I cannot see how to back up that data. It isn’t local – I get that, and the files can’t even exist away from Google’s servers as I understand, and even on my Windows machine the local files are merely “pointers” to the “real” online files. So is my only option to laboriously download everything on Google Drive to my Windows machine? I just cannot see any other way to make a backup copy. I know Google Drive is pretty robust and I have 2 factor on my account, but I still feel itchy without another copy anywhere. Would hugely appreciate any comment you might care to make. Kind regards, Peter
My new car has built-in wi-fi. Should I think of it as if it was an internet cafe? Does everything you discuss in this article apply to my car and passengers using some kind of internet device (it supports up to 7 connections)?
“Should I think of it as if it was an internet cafe?” – No. Think of it as a smartphone with a data plan.
Make sure you have WPA2 enabled on the WiFi connection.
Benjamin Franklin clearly said: “Three can keep a secret, if two of them are dead”. This was true then and is true now. If you have private information you should not put it in other hands. It is not a good argument for me “there are places more dangerous than the cloud”. That does not make me feel more safe. Always there will be anyone less careful than me. But let’s accept one thing: the whole Internet is playing the same game. Everyone is going and will continue going to the Cloud for many reasons that have nothing to do with the technical world. So the best protection I can think is: we must be very careful about what we are putting in the Cloud. It is ok to place non risky documents and other files. But the most important ones should be where nobody but you can watch them, today and tomorrow. Not forgetting to apply physical measures to keep them safe and backed up.
Before services like OneDrive and Dropbox, I used to back up my most important files by emailing them to myself, encrypted using PGP. Of course, that only was a few files but it was my introduction to cloud storage.
One thing I do is to check if a website allows a user name other than an email address. If it does, I make one up. I also check the password requirements for a site and max them out. Since I use LastPass, remembering them isn’t a problem. If two factor authentication is available, I use it.
Bottom line is anything I can do to make it harder to guess, I do it. I keep regular backups, so I am not concerned about data loss.
One other thing for US readers. Equifax, Transunion, Experian, and, another credit reporting company, Innovis, all allow individuals to sign on to their services and to lock their credit reports. Of the four, Experian charges $4.99 a month, the others are free. Users can unlock their files when necessary and then lock them again. You can also request a PIN from the IRS that is needed when filing a tax return. You will receive a new PIN each year that must be entered on your return when filing.
In 2018 there was a law passed (in the U.S.) that made all credit freezes free. They should be free at all the credit agencies. I don’t know if you’re making a distinction between a “lock” and “freeze”, but the term “lock” is used by Experian as a part of their paid security services. A credit freeze should never have a monthly charge.
A “lock” gives you control of your credit report without having to contact the credit reporting agency and takes no time to unlock or lock it.
Essentially a lock and a freeze are the same. I went back to Experian and I’m paying a little extra for additional services. To just do the lock wouldn’t cost anything.
My main point is that this is another way to protect yourself in the event of a data breach. 5 years ago, I had someone attempt to file my Federal tax return. The IRS and I both agreed that it was a foreign actor as they filed the return on December 31st for that tax year, which prompted a letter from the IRS. So, I know my data is out “there” somewhere, already. I’ve taken as much action as I can to make it useless to whoever might have it.
To me the cloud is simply a marketing term for the Internet. I have always believed that one should never consider the Internet as private, whether it be email or online storage. Someone somewhere has access to whatever you are doing on the net. I would never back up my files to the Internet unless I considered them public information.
You can encrypt any information you don’t want accessible to strangers.
How Do I Encrypt a Folder?
How Do I Encrypt a File?
Aside from all of the above concerns, my reason for not using cloud storage is simply that it slows down any system. Unless you are using a top of the line speed machine you are placing an extra load on your PC. If your machine is old or has weak hardware you will be shooting yourself in the foot as far as performance goes.
I have 3 different cloud sync programs running on my computer and I haven’t noticed any lags. Any slowdowns would be due to a slow Internet connection and has little to do with the speed of the computer. Bandwidth is only significantly affected when files are being uploaded and downloaded so most of the time, just being logged into a cloud syncing site in itself has little effect on speed.
Leo stresses the importance of backups to protect your data against loss. Encryption, probably, runs a close second in protecting your data against theft.
Cryptomator: Encryption for Your Cloud Storage
Cloud? It is actually quite simple: anything not in your exclusive possession is not yours.
Trust only at your own peril.
Is “The Cloud” Safe?
Yes! Of course it is! It’s only silly ol’ us, & the way we sometimes (mis)use “The Cloud”, that can render it unsafe.
“That’s why ‘The Cloud’ is dangerous.”
Slightly reworded, I’ll actually agree with that: “That’s why The Cloud can be dangerous.”
So, take heed! And don’t be dumb when using “The Cloud”! (It’s not very “stupid-friendly,” I’m afraid.)
Driving a car is dangerous; crossing the street is dangerous. We do many things that are dangerous several times every day. We take precautions by using seatbelts, installing airbags, crossing at crosswalks and still looking for cars that might run a red light, etc. It’s the same with using the cloud. Use a strong password to log in to the cloud and encrypt all your files you upload to the cloud. And use a password manager to keep track of your passwords. You can even store your encryption passwords in the password manager, so you only have to remember one password.
My dislike of what is called “the cloud” today, aside from my own perceived security issues, is the loss of “purchasing power”. What I mean by that is consumers are losing the ability to buy many useful things. I like to buy my cars and other large ticket items if I can afford to, rather than leasing. OK, I’m a control freak. My accounting software still does fine for me and it’s a 2000 version. I have been very happy with Windows 7, despite having another machine with Windows 10 on it. Eventually I will be forced to move to the other machine, but I’m fighting it. Using the cloud for applications just seems like a way that big software companies can pretend they’re selling you something, when it’s really only a short-term license. If they owned my accounting software, and decided it was time for me to upgrade, there would be an implied “or else” in the deal. They could, and probably would, stop me from using that application, as it was on a short expiration license.
Maybe I’m an anachronism, but I like to own what I can own, and oft times today’s software companies are trying to stop that. JMHO. Thanks for the great info, askleo.com.
The reason the Cloud was used to market is that you are using somebody else’s computer for storage. Yes, just like your email is stored on their computers, any documents you store online for access by multiple computers is stored on some company’s computer. The difference is that there should be even more security over documents stored, than emails stored.
Encryption is fine if you are the only one to access that document but becomes a real pain when the document is shared across the company. I have several spreadsheets on the cloud that I have password protected, but I would hate to hand access to somebody else with my password for that spreadsheet.
You should keep a copy of the document/spreadsheet on your computer and back it up as changes are made to the document/spreadsheet in the cloud.
The greatest danger to documents on the cloud is from the employees working for the company supplying the storage you are using. Much easier to hack from inside a company than it is from outside. This means that anything you do will not help since they not only have access to the documents stored but also your login data. This is normally how you get massive breaches of the cloud. This is where encryption of your documents and spreadsheets might help, as the cloud company will not have the encryption stored on your computer.
I would agree with you that you should never use your password/passphrase that you use for the cloud for anything else. Evaluate what you have stored on the cloud. Does it really have to be there? If you only access it from the same computer and never share it, maybe it does not need to be on the cloud.
The cloud (i.e., servers and data-storage systems elsewhere, to include in Russia and China) is safe. Or so Leo asserts. I disagree.
Leo and I are of different generations. I’m a math/engineering science BS/MS/Dissertation-short-of-a-PhD octogenarian, one or two generations ahead of Leo. A FORTRAN, put a-person-on-the-moon using a 2K/36K memory processor, kind-of-guy.
Everything is safe … until it isn’t. And recently Leo posted a blog telling his readers to abandon LastPass, a “secure” password manager (https://askleo.com/lastpass-breach-2022-my-recommendation/). In his estimate it was no longer trustworthy. His recommendation on the latest LastPass security breach? “It’s time to move on. The questions are, to what and how quickly?”
So how do we find out about compromises? Often second-hand and long after the fact. When it may be too late. And how do we know it’s too late? We don’t. We could become a victim long after a breach. The mumbo-jumbo, geeky explanations often released by the violated entity often tell us little to nothing.
So when using internet or cloud-based services Leo suggests that we protect ourselves. I agree wholeheartedly. But unfortunately most of us do not have the time, level of expertise, and knowledge that Leo has to be comfortable in adequately protecting ourselves. (But I do appreciate that Leo is indeed trying to educate us!)
The best advice whenever using any online or cloud-based service? Use lengthy passwords (a minimum of 16 random letters, numbers, and characters, both upper and lower case) and two-factor authentication. Encrypt if possible. Then hope that the service provider has its security act together. And maybe, like me, minimize the use of these services unless there’s no reasonable alternative.
My current employer – I’m still employed supporting a DOD/Space Force contract – does not allow us to use cloud services to store work-related, unclassified-but-sensitive information when logged onto its system/network. Rather, we use encrypted, password-protected external hard drives. Understandably so.
I don’t trust the cloud either, but it’s not very difficult to encrypt the files you upload to the cloud. As I said in a previous comment, encryption can be as simple as using 7Zip to encrypt files. Yes, it’s a couple of extra clicks, but it’s something anybody can do.
I just ran a test. I encrypted a 250 MB folder with a 30-character password. It took me about half a minute to encrypt it. It would take a similar amount of work to decrypt the folder. You can keep an unencrypted copy of that password somewhere safely on your computer or in a notebook or somewhere in your home. If you want a memorable password, you can use something like “Thequickbr0wnf0xjumped0verthelazylapt0p?” Memorable, but uncrackable.
I think the whole point here isn’t the technical part of the cloud. The question is WHO is the cloud? Is it Microsoft, AT&T, Samsung, Google etc. or the government? What do THEY do with all the personal information they have on hand from every internet user around the world? I think they’ve pushed us all into a corner where we can only say YES and AMEN to everything how THEY treat us as transparent people. Eat or die!
This is an argument for encryption. Email is a cloud service. Unencrypted emails are as private as postcards. Unfortunately, email encryption is difficult. I’ve done it, but it’s not practical for the average person at this point. You’d have to exchange public keys beforehand. Encrypting files you keep on the cloud is easy. It can be as simple as .zip encryption or as sophisticated as using Cryptomator or VeraCrypt, which are not too difficult for the average user. As the saying goes, “Trust but verify.” When it comes to the cloud, “Trust but encrypt.”