Each day, Internet users generate an average of 2.5 quintillion bytes of data, according to recent research from Domo. Per minute, The Weather Channel receives more than 18 million forecast requests, Netflix users stream almost 70,000 hours of video, and Google conducts 3.5 million searches.
90% of all data available today was created in the last two years. As a result, an ever-increasing amount of enterprise data is being stored in the public cloud, both exclusively and hybrid. But it seems not everything is as smooth as we want it to be in the paradise. There have been various cloud horror stories that forced us to think: how safe are we in the cloud?
Remember when hundreds of companies exposed PII as well as private emails (including confidential business emails) to the world through Google Groups back in 2017. A small settings error was to be blamed for such a massive data leakage and companies like Fusion Media Group, IBM's Weather Company, Freshworks, and SpotX etc. were affected by this security issue.
In another incident, Stanford University too suffered, not once, but in three separate data breaches. The data security breaches, which was caused by “misconfigured permissions” exposed not only personal employee information (including their salary information and Social Security numbers) but also student sexual assault reports and confidential financial aid reports. In fact, there are many such cloud data security horror stories, enough to give you nightmares.
The cloud is dangerous
It is true that cloud environment offers the benefits of flexibility, availability, and low costs etc. But at the same time data storage in the cloud is becoming an increasing concern for anyone who use file storing and data sharing tools like Google Drive, Dropbox, Microsoft OneDrive, Amazon Drive, and the likes, when it comes to keeping their information private.
Data in the cloud is stored in an encrypted form, meaning they are encoded with a specific encryption key without which the stored files look like gibberish. A hacker needs to crack these keys to read the information. The most important factor, therefore, is: Who has the key? And this factor is often responsible for most data security breaches.
In most cases, the commercial cloud storage systems keep the key themselves so that their systems can see and process user data. Moreover, these systems can access the key as a user logs in using his/her password. While this is perhaps the most convenient way for cloud storage systems, it is also less secure. Any flaw in the service provider’s security practice can leave the users’ data vulnerable. Dropbox, for example, has been severely criticized for its security and privacy controversies.
Again, there are some cloud services that allow users to upload and download files only through service-specific client applications, which also include encryption functions. These service providers allow users to keep their encryption keys themselves and are therefore a bit more secure than the others; however, they aren’t perfect and there are chances that their own apps might be hacked and compromised, allowing the intruder to access your files.
How to protect yourself and your data
While there is no way you can ensure that your information is safe on the cloud, there are some protective measures that you can take to deal the issue of cloud privacy. Here are 3 data protection tips to reduce the risk of your cloud experience.
1. Encrypt your data and use encrypted cloud services
As mentioned earlier, cloud storage services that offer local encryption and decryption of data alongside storage and backup are safer options than those who keep the encryption keys to themselves. Spideroak, for example, has a “zero-knowledge” privacy policy, meaning neither the service providers nor server administrators have access to your files. Similarly, use virtual private networks that keep your information encrypted and hidden from intruders and do not store or track your data when you use their services. This ExpressVPN review, for instance, explains how the company has a strict “No Logging” policy to ensure an optimal user experience.
In addition, to add an additional layer of security to your files, you can encrypt your data before uploading them onto the cloud. There are many software that allows you to encrypt you file and make them password-protected before moving them to the cloud.
2. Backup your data locally
Always have electronic backups for your data so that you can access them even if the one on the cloud gets lost or corrupted. You can either keep it in an external storage device or in some other cloud storage. However, the former is perhaps a better option as you can access them even without Internet connectivity.
In addition, avoid keeping your sensitive information such as passwords, Social Security number, credit/debit card details, banking information, or even your intellectual property like patents and copyrights etc. in the cloud. These kind of information, if compromised, can result in potential data leakage.
3. Have strong passwords
Although you might have heard this before, making your password stronger is perhaps one of the best ways to safeguard your files stored in the cloud. Even the U.S. government has revamped its password recommendations. The days of picking your favorite phrase as your password and replacing a few characters with symbols are practically over. Also, stop doubling your one password for other services.
Instead, choose long, weird string of words as your password and add a combination of special characters, some capital letters, or numbers to make it stronger. Most data leakage happen due to easy to guess passwords. If required, test if your password on the safety of your computer. Another good practice is to change your password is every 90 days or less. This practice will also help you keep the internal intruders away, thus avoiding workplace breaches.
Conclusion
Keeping your data safe on the cloud is all about remaining secure, vigilant and resilient. Have a multi layered data security system in place and continue monitoring to ensure your systems are still secure. However, if you still feel your data is under threats of breaching, take control and quickly address the issue to recover before it causes a havoc. Don’t just rely on your cloud service providers’ security assurances. Always have your own security measures in place from the beginning. After all – it is better to be safe than sorry.