You can use it safely
“Cloud and cloud, what is cloud??!!”1
Seems we can’t say or do much in technology these days without that silly buzzword — “the cloud” — rearing its head.
To be fair, it’s a pretty powerful concept. Nearly unlimited storage for all your information, accessible to you from anywhere the internet might reach — which is pretty much everywhere these days!
Is your data safe? Yes, but: there are two significant type of cloud data threats to prepare for.
Become a Patron of Ask Leo! and go ad-free!
There are two types of cloud data threats: data exposure and data loss. Protect against exposure by encrypting sensitive data. Protect against loss by making backing up your data elsewhere. Encryption plus backups ensures your data stays safe in the cloud.
“Data exposure” means someone who shouldn’t have access to your information somehow does.
The most common scenario is someone hacking your account with the cloud storage provider. Once in, anything stored in your account is visible to the hacker. They can view, copy, download, duplicate, or share any or all of the data you have stored online.
A common worry (but a significantly less frequent occurrence) is that someone at the cloud storage service will look at or copy your data, or be compelled by law enforcement to provide access.
For most people, these are both what I’d consider low level concerns.
We should ensure all our accounts are secure, which includes the usual litany of using long and strong passwords unique to every account, not sharing them with anyone, and enabling two-factor authentication when available. A secure account is your best protection against hacking.
Most folks don’t need to worry about rogue employees or police officers with a warrant.
Most folks don’t need to worry about data exposure, as long as they’re keeping their accounts secure.
Protecting yourself from the threat of data exposure
What if you are worried? What if the data you want to store in the cloud is more sensitive than random family and pet photos? What if you want to make sure no one without authorization can see it, no matter what?
Encryption is the answer. There are several approaches, from password-protecting individual documents to manually encrypting files with a zip or other compression program.
I use BoxCryptor.
BoxCryptor and similar tools ensure the data you place online is always encrypted and safe from prying eyes. You access the files normally, and BoxCryptor handles the rest.
Hackers — even law enforcement, if they gain access — would only ever see encrypted blobs of random data. Your data stays safe in the cloud.
By “data loss”, I mean that when you go to access your data stored online, it’s inaccessible or just not there. Include the threat of ransomware, loss might be a larger cloud data threat than exposure.
The most common scenario is the same as above: someone hacks your account with the cloud storage provider. The hacker might then change your password, denying you access, or just delete all your files. The result is the same: you can’t get at your files any longer.
The cloud service providers are almost certainly backing up their equipment, but those backups are for their protection, not yours. If a hacker deletes all your files, it’s extremely unlikely the provider will restore them for you.2
If your account is unrecoverable or your data deleted, you just may be completely and severely out of luck.
Protecting yourself from the threat of data loss
We already know how to protect ourselves from data loss. You don’t need an online service to be at risk — one failed hard drive can get you the same result.
Backing up is the answer.
- Data existing in only one place is not backed up.
- Online services are only one place.
For example, if you have files in OneDrive, then OneDrive is only one place. Even if you have the files in OneDrive folders on multiple machines, you must still treat it all as one place. (Remember, deleting a file from within OneDrive will quickly delete it from all of the other OneDrive installations.)
Make sure you’ve backed up those files somewhere else. “Somewhere else” could be different online service, your PC’s external hard disk, or somewhere else entirely.
Assume the online service you’re using might go away suddenly and completely. Assume all your files in the online service are deleted at the same time — both what’s literally stored online, and anything that might have been replicated to your computers.
Could you still recover the files from somewhere else? If the answer is no, you’re not backed up.
One frequent conversation revolves around whether or not the service providers — Microsoft for OneDrive, Google for Google Drive, Dropbox, and others — are cloud data threats themselves.
I believe strongly that those three (and many others) are quite trustworthy and have no problem placing my data in their hands. I don’t even feel the need to necessarily protect my data from them. In my opinion, the data-exposure and data-loss scenarios present greater risks. I’m more likely to encounter a problem due to a hacker than I am due to a problem at the service.
Nonetheless, it’s a valid concern: it’s important that you be able to trust the provider of your service. If you feel you can’t, it’s time to choose a different service.
If that’s not an option — or you do trust them, but for safety’s sake you’d like to behave as if you can’t — then the solutions remain the same: encryption and backups. Encryption to keep your data private, and backups to prevent data loss.
Those two solutions combined can help you safely and securely use cloud storage for whatever you’d like.
I know I do.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 8:51 — 10.5MB)
Subscribe: Apple Podcasts | RSS
Footnotes & References
1: A Star Trek reference, for those that didn’t catch it.
2: Some services, like OneDrive and Dropbox, do have a Recycle Bin and may even detect mass deletions or changes. This can give you an option to recover your files from a specific date. It’s a nice safety net, but it’s only a convenience, and not something I’d want to rely on.
10 comments on “The Two Types of Cloud Data Threats and How You Protect Yourself”
Personally, I wouldn’t worry about any “rouge employee” as I’m pretty sure they would be caught…er….red-handed!
Heh. Yep. That slipped through. ¯\_(ツ)_/¯ Fixed.
How did you do that cute lil’ graphic…???
That’s done using ASCII characters. It can be copied and pasted.
Technically that’s not ASCII, but UNICODE, I think. I use the Windows built-in emoji keyboard. +. and then the ; – ) item on the top opens up a display of several such items. Pretty fun. (●’◡’●)
I use Windows 10 File History as one of my backups.
Your thoughts, please??
Thanks for the great newsletters.
It can be a part of a backup strategy, but it’s not cloud related.
More here: How to Back Up Windows 10
Not sure if you do recommendations on specific programs, but I just started using a cloud service called Sync that claims to have end-to-end encryption and no employee access to files. Any thoughts? I’m seriously considering storing sensitive files on it.
There are a few that have similar names. Can you be specific about which one?
Leo, you wrote:
“Cloud and cloud, what is cloud??!!”
The very instant I read that, I burst out laughing. I didn’t even need to see your footnote; and I respond: “You are not morg, you are not eyemorg!” (Whatever the “H” that means.)