Why You Need to Protect Your Data in the Cloud

Here’s one to file under, “We All Knew This was Going to Happen Sooner or Later” …

Several events recently have shown some of the weaknesses, or dangers, of cloud based hosting, and the need for information and guides to aid users in protecting their data in the cloud. To keep it simple: The cloud in the context of this article refers to all remote storage locations that you do not have full control over. This includes your Dropbox account, your videos on Youtube or the data that you upload to Facebook.

About those events: Dropbox was in the news lately; The cloud storage hosting and synchronization service recently changed their terms of service to better reflect that they decrypt user data stored on Dropbox to comply with valid legal process and U.S. law. This currently affects about one user per month on Dropbox. Dropbox uses strong AES encryption automatically to encrypt all data transfers and data on their servers.

Dropbox came under fire earlier this month when a security researcher found out that Dropbox’s local authentication file was not linked to a specific system. Attackers could use the file on other compatible devices to sync all data from a Dropbox account without authenticating. What made matters worse was the fact that the access was not listed in Dropbox’s access history, and that changing the password did not invalidate that file.

And then there was Google who announced that they would close down Google Video for good. Users were given time to download their uploaded videos from the service for a period of about four weeks. After that, the videos and all stored information would be no longer available on the Internet.

These unrelated events outline two major cloud hosting dangers: Data availability and security.

Data Availability

Who would have thought that Google Video would be discontinued one day? Sure, it became pretty obvious after the purchase of Youtube, but before that? Closing down a service is an extreme but it happens frequently. You see services going down for a limited period of time more often than that. It recently hit Amazon’s cloud storage service which caused service disruptions for popular destinations such as Foursquare or Quora.

You may still believe that sites like Facebook will be there forever. Look at MySpace for instance to see that the logic is flawed. The site is still there but what was once the most popular social networking site on the Internet is now fighting for survival. If it goes down, so will data of all of its users.

Your consequence should be obvious: Keep a local copy of data that you hold dear. You can use backup software to store the data in save locations locally, for instance on DVD or an external hard drive.

Businesses should keep local copies as well, considering that a service disruption might otherwise cut them off from data that they need to run the business. So, instead of relying solely on cloud storage to store contact information, important documents or applications, they need to make those available locally as well to be prepared when the cloud service goes temporarily or permanently down.

Suggested Actions

  • Local Backups and copies of data
  • Regular backups or synchronization of data

Security

Data security is the second big issue that you need to address to protect your data in the cloud. Some users say, you should not upload anything to the cloud that needs to be kept secure and protected from third party access. While that’s a sound advice, it is not always as easy as that.

The next best thing is to make sure your data is properly encrypted. That’s on the other hand not possible in all scenarios. Sure, you can encrypt your data before you upload it to a storage solution like Dropbox or Microsoft’s SkyDrive. But you cannot encrypt videos that you upload to Youtube, or text that you publish on your Facebook wall.

You need to follow two different approaches when it comes to securing your data in the cloud. You encrypt what you can, usually files that you have direct access to. I suggest True Crypt for the job but you can use other encryption software as long as it is updated regularly.

I’m going to write a separate article on encrypting Dropbox data with True Crypt.

You need to evaluate data that you post in semi-public or public places, and data that you do not have direct control of once you have uploaded it to the cloud. This includes Youtube videos, wall posts on Facebook, a comment on a third party site or showing everyone your favorite artists on Last.fm.

You may have control over deletion on some services, but that does not mean that the data is gone for good. Someone may have read and liked your Facebook wall post or someone may have downloaded your Youtube video and published it on another video hosting site. You lose full control over your data as soon as you upload it to a semi-public or public place on the Internet.

There is not really a lot you can do once you have uploaded the data. Some services charge a premium to get data removed from the Internet, but even they cannot guarantee that every last bit gets removed.

Suggested Actions

  • Encrypting data whenever possible
  • Evaluate data before you post it online

Closing Words

Hosting data in the cloud can be very beneficial for individuals and businesses alike. The benefits have however overshadowed some of the dangers of storing data online. The dangers become more present as more and more people and organizations move to the cloud, and with news that put the focus on those dangers.


© Martin Brinkmann for gHacks Technology News | Latest Tech News, Software And Tutorials, 2011. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , , ,

Link to Original Content

Tags: , , , ,

Comments are closed.