Cloud Security: What Are Your Options?

Rachel Z. Arndt

13 Ağu 2013

Before Edward Snowden came along, it was easier to upload files to the cloud with abandon, ignoring the security risks. But thanks to the news about PRISM, that situation has been turned inside out: Instead of worrying that some data are compromised sometimes, we know for certain that vast amounts of private data are vulnerable all the time. The public cloud, where people collectively store more than one exabyte of data, is more public than we thought.

That's a boon for secure file-storage services. More of these are popping up, offering remote file access without the fear of pesky snooping. Some services provide physical servers that you keep at home to build "personal clouds" of data that bypass the giant servers, such as those run by Dropbox and Google. Others are simply encrypted public-cloud services that promise better security than, say, Microsoft's Skydrive or Apple's iCloud.

Personal Cloud Servers

When you upload a file from one computer to Dropbox and then access it from a mobile phone, the file comes to you from Dropbox's cloud, not directly from your computer. That's not the case with network-attached storage (NAS) servers; these external hard drives connect to your home Wi-Fi network and act as servers, storing files locally and transmitting them when you connect remotely. There are no public servers involved at all. The LaCie Cloudbox and Seagate Central drives, for instance, act like regular NAS drives but provide remote access through Web-based dashboards. The technology really isn't a cloud at all but an Internet-enabled link from you, wherever you are, to your files on a hard drive at your desk.

Like basic NAS servers, Cloudlocker's service depends on a physical drive. But, the company says, Cloudlocker offers more control over file sharing than other NAS devices. For example, you can create settings so certain documents can only be viewed by certain users and viewed and downloaded by others. You can also allow people to pass along some of the files, creating a whole chain of data transfers at your discretion. When you're traveling, you access your Cloudlocker files using the interface of a conventional cloud storage service, StoAmigo, but the files reside solely on your personal hard drive.

Other services don't require separate hard drives. Tonido and Pocketcloud allow you to directly and remotely access home computers, where the companies' software lives. The link to your computer is a domain—rachelfiles.tonidoID.com, for instance. Because you're going straight from one device to another, the link is more secure than going from a device to the cloud and back to another device. And with Tonido, you're not even sharing your password with any large servers because it's stored locally. (Pocketcloud relies on a Google account for login.)

Better Public Clouds

NAS servers are great for accessing your local files from anywhere, but, at their core, they're still just hard drives. And all hard drives eventually die, often without warning. That's why the cloud is such a nice complement: It's a backup system that not only duplicates your data but stores it in a different medium (and, incidentally, one that's not subject to any potential flood or fire that could wreck your home PC). But, as we're well aware, the amorphous cloud is porous: Dropbox was hacked earlier this summer, and other companies, such as Microsoft and Yahoo, allegedly have given the government access to their servers.

The key to keeping your data safe in the public cloud is strong encryption—and encryption that is applied before data are uploaded to the cloud. If you don't want to give up on Dropbox or the like just yet, you can use an add-on service that encrypts files before they're uploaded. SafeMonk puts an encrypted folder in your Dropbox and encrypts any files in it before they're uploaded; Boxcryptor puts your Dropbox, Skydrive, and any other service that uses the WebDAV standard in a virtual drive on your desktop and also encrypts all files within before they go to the cloud.

But for something simpler that doesn't require an add-on, you'll need to ditch Dropbox entirely. The best option is Spideroak, which calls its Hive service "zero-knowledge data backup." The company encrypts data before they're uploaded to the cloud, and it never stores your password in any form, except when you're using remote access. It deletes your password as soon as you log out.

While Spideroak's approach is almost entirely anonymous, it's still centralized.Bittorrent Sync, a completely P2P file-sharing service, is the opposite: There are no central servers. Nor are there accounts or third-party file-management systems. There's just the ability to transfer encrypted data between devices. Backup isn't to the cloud but to linked devices, so you're not as free from the dangers of hardware failure as you would be with a purely cloud-based service.

Here's a final tip: When it comes to data security, don't stop at the cloud. While you're at it, you should also encrypt your external hard drives, lest you lose them or they fall into the hands of a curious thief.