The moment the cloud was introduced it was awakening mixed feeling from the users. On one hand it is very nice to have your data on the internet, since you can access it from everywhere. You can make backup of your files and store it there, so you can recover it after for example a hard drive failure. Your presentation is still available if you left your USB stick at home. You can easily share your photos with the friends you spent the vacation with.
On the other hand it is really scary to have your data on the internet. Your data won’t be on your hard drive that only you can access. It also needs to get to the cloud from you device, and who knows what happens to it on the way. Well don’t worry the real picture is not that scary and there are always a few preventive steps that you can make to secure your data.
The attack or threat can come from many sources and can aim at very different places. The first type is the unintended data loss. In this case the fact that you can’t reach your data is not due to an attack. There can be hardware failure at the data storage, power failure or internet service outage.
Cloud storage is based on a highly virtualized infrastructure, so these risks are not that high as a traditional data center. Your data can be on multiple locations, reducing the risk of losing it. Eliminating these kind of threats is the highest priority at a provider, but asking a few questions never hurt. Ask or read about their data centers security, backups and redundancy to make sure your data will be safe.
Your data’s way to the storage
In order to have your data in the cloud you need to send it to the storage. On the way your data can be captured. You need to make sure that your data is encrypted while sending it. Through a web app you can search for the “https” in front of the URL or if you are using an application for it, make sure they use some form of encryption. It is much harder to access your sensitive data if it is encrypted.
Make sure to ask if the stored data is encrypted by default. If your files are encrypted that gives an extra line of security even if someone gets access to your account. When you want to make sure you have the most security only upload files that you encrypted yourself. If the files that you store and download back on your device are still encrypted, that gives the least chance for attackers to access your information.
Most for the least effort
Hackers usually want the most information for the least effort. They will more likely attack the cloud provider itself rather than the individual users. That way they can reach more data than hacking users one-by-one. For this reason you want to find a provider who has great history of keeping their user’s data safe.
Passwords can be hacked. That doesn’t mean they are not safe, just vulnerable to dictionary and brute force attacks. Use passwords to access your data, but use strong ones. There are a few methods on how to create strong passwords that are hard to crack or you can use password generators.
Also change your password often to minimize the risks of brute force attacks. Also people are more dangerous than computers in hacking. Don’t give your account information, even if someone claims they are from technical support. The dangers of social engineering, when someone builds trust in the user and later uses this to access personal information.
Third party audits
Always chose a provider with good certifications and regular audits. This ensures that the service you get is the best and most reliable. Look for SSAE16/ISAE3402 standards, ISO 27001, ISO 27017 (cloud security), ISO 27018 (cloud privacy) or CSA (Cloud Security Alliance) STAR. These audits and inspections are done by independent professionals in the field, and ensures that their service is up to standards.