It feels risky to upload all your data to another company to hold and secure. So it begs the question: is cloud storage safe? The answer may surprise you, and the four steps outlined here will give you the confidence you need to move forward with better cloud storage security in this new, cloud-based world.
While you’ve probably already heard of Google Drive, Dropbox and OneDrive – three of the biggest players in the field – it’s surprising just how many companies have sprung up to serve this cloud storage market.
Cloud storage, if you need a refresher, is essentially a private hard drive accessible from anywhere via the internet.
You can use this hard drive as an extra place to store files, share them with your team/family, or even back up your computer. You’re uploading your data to a company’s servers and they are promising you that they will secure that data and make it accessible to you anytime you want it.
But is it secure?
We’re going to answer this question, but more importantly, we’re going to discuss how you can take control of that security instead of putting 100% of your trust in an outside company.
Note: Some of the links in this article may be affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally have used, and I appreciate your support!
Is Cloud Storage Secure?
Cloud storage security is a buzzword that gets thrown around a lot. What kind of encryption does this company use for data at rest? What about data in transit?
Is one particular cloud storage company better than another?
Here’s the truth, distilled into three simple bullet points:
- Yes, encryption matters…and even though 256-bit AES encryption is better than 128-bit AES encryption, both are strong and both are standards used by pretty much all cloud storage services.
- Cloud storage is probably safer than storing your data on your computer…because these cloud storage companies have entire teams of engineers building security and defending against attacks. And these companies aren’t subject to the same kinds of phishing scams, malware and petty theft that our personal devices are.
- You can control your cloud security…which is probably more important than the service provider you choose.
Is cloud storage secure? Yes, it is. However, that last point is key, and that’s what we’re going to cover next.
4 Steps to Secure Your Cloud Account Data
If you’re like me, you would much rather have full control of the security of your cloud data, even if that means a little extra work on your end.
There are a number of ways that you can use the popular services while still maintaining control of your cloud storage security. Here are four quick steps you can start taking today.
Enable 2-Factor Authentication | Cloud Storage Security
The first thing you should do with any cloud storage account you have is to create a strong password and enable 2-factor authentication, or 2FA. If you’ve followed All Things Secured for any amount of time, you know how much I push 2FA on every account that allows it.
In short, 2FA means that even if somebody stole your password or guessed it by brute force, they still have to provide a second form of authentication to prove their identity. This could be a code sent as a text message to your phone, an authenticator app or a 2FA key.
It boils down to this: it doesn’t matter how strong the encryption these cloud storage companies provide. If you leave your front door unlocked (in other words, if you have weak passwords and don’t use 2FA), you present the greatest risk to your data, not the cloud servers.
Separate Your Most Sensitive Data
It’s a good idea to keep your most sensitive data in a separate place from your general cloud-synced folders.
I have a special, encrypted vault, backed up in two places, that has all my tax documents, my digital death file, and copies of all of my family’s legal documentation. This does not get synced into any of my cloud storage accounts.
My most sensitive data DOES NOT get synced to the cloud.
Honestly, if you were to hack my Google Drive or Dropbox account, you’d be pretty disappointed. But that doesn’t mean that the rest of the data on my computer isn’t valuable enough to protect.
And that’s where the third tip comes in.
Encrypt Your Own Data (Client-Side Encryption)
One of the best ways to secure your data in the cloud is to use a method known as client-side encryption.
What this means is that instead of uploading raw data to Google Drive or Dropbox, you’re actually uploading an encrypted file. It’s like putting your data in a locked safe where only you know the combination and then giving that safe over to Google to put in their locked vault. Even if somebody did hack into your cloud drive, all they’ll find is another locked safe.
For this, I use a service called Boxcryptor.
Now I am an affiliate for Boxcryptor, which means that if you make a purchase using my link, they’ll give me a small commission, but for the purposes of an individual user, they have a free plan that more than works for what you need.
If you have a difficult time trusting any of these cloud service providers with your data, something like Boxcryptor is the best solution. It’s a very user-friendly way to build that locked safe I was talking about and then upload that to Google, OneDrive, Dropbox or others. Again, I’m just trying to reduce the amount of trust I’m giving to one single company.
That right there is the biggest one. If you take away just one thing from a security standpoint, that’s what I want you to hear. But I’ll finish with one final tip for those of you who value redundancy.
There are other options out there as well, so here’s a look at the difference between the two most popular if you want to dig deeper: Boxcryptor vs Cryptomator | What’s the difference?
Create Your Own Data Redundancy
What happens if Dropbox goes out of business or somehow loses your data? It’s unlikely, but things like this seem impossible until they actually happen.
I’ve recently been using what’s known as a cloud management service to test creating a backup on two different platforms. So, for example, I could have all the files in my Google Drive account back up to a Dropbox account and remain synced so that if something happens with Google Drive, I still have a copy of all my data on Dropbox.
Now, mind you, Google Drive, Dropbox and all these other cloud storage services already create redundancy for your protection. So this is, admittedly, overkill.
But let’s say that you want to migrate from one cloud storage provider to another. This would be another way to do it. The service I’m testing right now is called CloudHQ and they offer a free plan for non-business users, so you can easily sign up and give it a try.
I don’t have much experience using their software, so this isn’t an endorsement as much as it’s just letting you know what’s out there.
Take Control of Your Cloud Storage Security
The bottom line is this:
Choose whatever cloud storage provider is most convenient for your situation and do so with confidence. BUT…
…always, ALWAYS take control of your own data security by:
- Enabling 2FA;
- Partitioning your most sensitive data;
- Encrypting the data yourself and, if necessary,
- Creating your own redundancy.