We all have enormous amounts of text documents, songs, photos, videos and other personal data that we want to protect these days. Keeping our data locally can be dangerous because a hard drive may get compromised and a mobile device could get lost, stolen or damaged.
Reports have even surfaced of people losing their entire photo collection when updating their Windows operating system, much to their despair. Saving data online is an excellent way of protecting against such loss, but is cloud storage safe?
There are several main services which people prefer to use when it comes to backing up data online. These are Google Drive, OneDrive, and iCloud. In this article we'll look at these common storage services and examine how reliable they actually are.
1. Google Drive:
Google Drive is a simple and secure way to back up data to the cloud and is immensely popular because it's available for free (up to 15 GB of storage) with a Gmail account.
Nonetheless, people who back up confidential information may question how safe Google Drive really is. After all, evidence has emerged of Google working hand in hand with the NSA on its PRISM surveillance scheme. So what kind of protection is Google Drive really delivering?
The first possible security risk to your data arises during transmission. When you upload your data to Google's central servers, it has to travel through the internet, which means it can be intercepted in transit.
To prevent this, Google encrypts your data with TLS as it is uploaded. This is the same level of encryption that browsers use to protect connections to HTTPS websites. A quick check with Qualys SSL Labs, an independent encryption verification tool, shows that Google's TLS connections are rated A+ (which is as good as it gets).
Google also encrypts your data inside its internal network whenever it is in transit. This means that when it moves from one Google server to another, and during synchronization with your various devices, your data is always encrypted.
When your data arrives at Google, it is encrypted to keep it safe inside Google's cloud servers. Google uses 128-bit AES encryption for all stored files. While this is not as strong as 256-bit encryption, it is still considered future-proof for the time being.
For added security, Google encrypts the AES keys that are used to encrypt your data with a rotating set of master keys. This provides an additional protection layer for the data stored on Google's servers.
Google encrypts all of your files "on the fly" to ensure that your data is stored safely and that only the file that you really want to access is decrypted. Google, however, holds the key to your files on your behalf, meaning the company can go through your files if it wants to.
2. OneDrive:
OneDrive is a popular Microsoft cloud storage service. As with Google Drive, users get free storage (5 GB) as soon as they sign up for a Microsoft account. If you are a user of OneDrive, you might wonder just how secure your data is.
Data transmitted to Microsoft's OneDrive cloud storage is encrypted using TLS with 2048-bit keys. This is robust encryption that keeps your data safe from hackers and monitoring while in transit.
To keep your data secure as it passes from one server to another, the company also encrypts your data before moving it around internally. Microsoft notes that while "data is already transmitted by using a private network, it is further protected with best-in-class encryption."
Microsoft certainly provides details of encryption at rest for paying OneDrive "business" level users. It is more difficult to find proof of encryption at rest for free OneDrive users.
Business users are told that all data they store on Microsoft servers is encrypted by BitLocker. Per-file encryption additionally encrypts every single file that you upload on the fly. According to Microsoft, it uses AES 256 encryption that is Federal Information Processing Standard (FIPS) 140-2 compliant. That's good encryption.
Given the ambiguity surrounding the distinction between business and personal accounts, we can only assume that all OneDrive customers are currently provided with encryption at rest by Microsoft. This article does indicate that this is true:
“Each file is encrypted at rest with a unique AES 256 key. These unique keys are encrypted with a set of master keys that are stored in Azure Key Vault.”
It's worth noting, though, that OneDrive is a completely proprietary cloud storage service. It's closed source, which means you can't check how stable the data is. Furthermore, as the company encrypts your data on your behalf (and keeps the encryption keys on its servers), it has the right to access your data whenever it needs to, and can search your documents as it wishes.
3. iCloud:
iCloud is Apple's cloud computing service. It is immensely popular among Apple customers because it is the in-house service that is baked into Apple's products. It is also believed to be safer and better for privacy than any of its rivals.
Like the other popular services covered in this article, however, iCloud is closed source. This means the source code is inaccessible for security professionals to inspect, and you simply have to trust Apple to offer the degree of safety it claims.
Apple was previously reported (by Edward Snowden) to have worked hand in hand with the NSA to snoop on its users. Can you trust it, then? And is iCloud still better than its competitors?
Apple got a lot of bad publicity in 2014 after a series of attacks on iCloud users. According to those sources, connections to iCloud servers were vulnerable to a man-in-the-middle attack. Apple denied this, saying the victims were in fact phished. Despite this, the company has made improvements to its iCloud service's reliability.
Apple states that TLS 1.2 encryption with Forward Secrecy protects all communication with the iCloud servers. iCloud's TLS protection was tested using Qualys SSL Labs, and the service received an A+. Therefore, data protection should be perfect in transit.
For further security, authentication is handled using a secure token when you access iCloud services using native Apple apps such as Mail, Calendar or Contacts. Secure tokens eliminate the need to store your iCloud password on your machine or tablet. Unlike a password, the token cannot be stolen because it is cryptographically bound to your computer.
Apple states that AES 128 encryption is used to store all data on its servers. This is not as strong as the AES 256 encryption offered by many cloud storage services, but it is considered future-proof for the time being.
End-to-end encryption is possible for certain data transmitted to Apple's servers.
It's not available for single files transmitted to iCloud, however. This means that Apple retains control over the encryption keys in its cloud storage for the files which it encrypts on your behalf. That is far from ideal, as it means Apple workers might access the keys to your records, the keys might leak online, or cyber-criminals might even steal them from Apple's servers.
Cloud Storage - Best Practices:
As you can see from this article, there are several data privacy issues with common cloud storage services. No end-to-end encryption means you'll need to trust the provider to store and secure your data. In addition, because these providers are based in the US, there is always the risk that the government might use a gag order to access the data in those accounts.
Whether the cloud storage services mentioned above are a suitable solution for you depends largely on your personal circumstances. If it seems secure enough for you to allow Google, Apple, Microsoft or Dropbox to store your encrypted documents on your behalf, then use those services by all means.
Best practices that we recommend:
- Choose a strong, unique password. To keep it safe, each of your accounts needs its own strong, unique password. Failure to do so could mean disclosure of your data due to a phishing attack.
- Always use Two-Factor Authentication. The password is the key to all of your records, and someone who cracks it, or guesses it, will be able to access your files instantly. 2FA gives you an extra protective layer which stops hackers from accessing your files.
- The files you create are set to private by default in Google Drive, OneDrive and iCloud. However, if you decide to share access to a file or folder with someone using a link, this third party may be able to share that file or folder with someone else. For this reason, it is critical that you always consider who you are sharing access to your data with, how, and why.
- Use third-party tools to encrypt your data before uploading it to an online cloud provider. Encrypting data before uploading means that only you keep the key to the data. However, given that there are open source vendors with end-to-end encryption on the market, this is a long-winded solution.
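
The key-wrapping scheme described above for Google Drive and OneDrive (a per-file key encrypted under a master key), applied on the client so that only you hold the key as the last bullet recommends. This is an added example, not code from the original article or from any provider: it uses Node's built-in crypto module, and the choice of AES-256-GCM and scrypt, the function names and the passphrases are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// AES-256-GCM seal: returns iv (12) || auth tag (16) || ciphertext in one Buffer.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

// Inverse of seal; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Key-encryption key ("master key") derived from a passphrase that stays on the device.
function deriveKek(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one file before upload: fresh random data key per file, wrapped under the KEK.
function encryptForUpload(passphrase, fileBytes) {
  const salt = crypto.randomBytes(16);
  const dataKey = crypto.randomBytes(32);
  return {
    salt,
    wrappedKey: seal(deriveKek(passphrase, salt), dataKey),
    body: seal(dataKey, fileBytes),
  };
}

// Reverse the process after download: unwrap the data key, then decrypt the body.
function decryptDownload(passphrase, obj) {
  const dataKey = open(deriveKek(passphrase, obj.salt), obj.wrappedKey);
  return open(dataKey, obj.body);
}

// Master-key rotation (here: a passphrase change) re-wraps the small data key only;
// the encrypted file body already stored in the cloud is left untouched.
function rewrap(oldPass, newPass, obj) {
  const dataKey = open(deriveKek(oldPass, obj.salt), obj.wrappedKey);
  const salt = crypto.randomBytes(16);
  return { salt, wrappedKey: seal(deriveKek(newPass, salt), dataKey), body: obj.body };
}
```

The provider only ever stores `salt`, `wrappedKey` and `body`; rotating the passphrase re-encrypts the 60-byte wrapped key rather than the whole file.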