Staying Secure in the Cloud

Storing personal data in the cloud using Google Drive, Apple iCloud, Dropbox and other services has many advantages, but it also comes with risks. You can access your files from almost anywhere, but are they also more vulnerable to hackers and other bad actors?

The first step in cloud computing is choosing the service that meets your needs. Boston University Information Services & Technology makes the following recommendations:

  • Determine what their security standards are. Are you willing to trust them with your data?
  • Decide how much storage space you need. Most charge based on the file volume you store.
  • Make sure that your browser or app requires an encrypted connection before you upload or download your data.  Look for the “https://” or the padlock beside the URL in your browser.
  • Read the terms of service to learn if your data will be stored encrypted. If it is stored on the cloud server without encryption, anyone with high level access to that server will be able to read your files. This may not be an issue for many files, but you should carefully consider what kind of information you are storing in the cloud and whether you are comfortable with the possibility of persons you don’t know accessing it. Sensitive or legally protected data should not be stored in the cloud unless it is encrypted and only be you or your representative can decrypt it.
  • Understand how access to your cloud folder is shared. Several cloud storage providers allow you to share access to your online folders with other people. Be sure you know in detail how this works. Can they read only or can they change the file? Will you know who changed a file last?  Does the service allow you to make files public?  If you do make files public, are your personal details (name, account, email, etc.) attached to that file if a stranger looks at it?
  • Ask what your options are if the cloud provider should be hacked or if they lose your data. In most cases, the terms of service give you little or no recourse if something bad happens. Know what the terms of service are.

Tech consultant Triona Guidry suggests that some consumers may wish to use “Do-It-Yourself Clouds,” setting up their own servers and accessing their data however they choose. Although Guidry says that the necessary hardware is “available at any big-box electronics store,” setting up a cloud server (and bearing full responsibility for the security of the server) may be more than most consumers want to take on. It is an option, though, for tech-savvy consumers who want full control of their data.

Once you have decided to store data in the cloud, you need to establish strong security for your files. The SANS Institute suggests that you follow these guidelines to keep your data secure in the cloud:

  • Use a strong, unique passphrase to secure your account. If the provider offers two-factor authentication, use it.
  • When you share files make sure you know who will have access, and only provide access to those who require it. Do not enable sharing by default.
  • Although some cloud services allow you to give access to files by providing a web link, this is not secure. When you send someone a link to a file in your cloud account they can share it with others without your knowledge or consent. It could even show up in search engine results.
  • Understand the available security settings and use them appropriately to control who can access your files and what they can do with them. Do you want users who share access to your files to have read only access, or will they be able to modify the files as well?
  • Keep a current version of antivirus software on any devices used to share your data.