Dropbox, Google Drive, Amazon… Oh my

https://connectedgeek.net/dropbox-google-drive-amazon-oh-my/

One thing I get asked about all the time is what cloud storage should I use? There are so many options…I can’t pick. What I would like to do is help all the connectedgeeks by talking about how I pick cloud storage. The first thing we have to get purged from your minds is cost. STOP EXPECTING FREE STORAGE!!! There I said it. What does free really mean anyway? It means cloud storage companies can watch what you store, analyze it, present adds or in some way study what is being stored on the given storage. These companies can also easily comply with governmental agencies requesting your data and my employee’s can see what you store. If you value your privacy and your data stop using cost as your primary means of selecting cloud storage.

Now let’s get down to the geeky stuff. Encryption in transit, while I won’t say for sure I believe all of the providers have this. Encryption in transit is our starting point and something you should verify before moving forward. What is encryption in transit you ask? Encryption in transit means they use SSL (https) to encrypt what you send to them and what they send to you. Encrypting the connection to and from them makes it harder for prying eyes to access your data. If someone is sniffing the connection they will only see the encrypted connection, but not the contents. If your provider is not using https to secure your connection it is time to evaluate other options. If you are in a coffee shop on free Wi-Fi stop using it to upload your naked pictures or at least stop complaining that people have seen them.

Now that we have encryption in transit off the board lets look at encryption at rest. Encryption at rest encrypts the data being stored while not in transit. Meaning if it isn’t traveling to or from you it remains encrypted on the company’s servers. This is a huge bonus in security because your data it kept secure and encrypted. Most companies protect your data by issuing what is know as an encryption key, paired with your login you are able to see the data. The down side is that companies could generate their own key to encrypt your data and they could also decrypt it at any time. There are usually accounts within the organization providing the cloud storage that can still view the contents of your data so read the privacy policy carefully. I won’t harp on this too much but always read the privacy policy before you agree to it. Make sure you understand what data they are collecting and who they are sharing it with.

This one is my personal favorite, “Zero-Knowledge” privacy and end-to-end encryption. Zero-Knowledge means the company has built the service in such a way that they cannot see the data, meaning the data is encrypted before it reaches them. Typically the user creates their own private key for encryption or it is done with their password. Zero-Knowledge storage companies do not store your password and do not have access to the private key you created. This means all they see on their servers is the encrypted files, even with administrative access they cannot decrypted it without either the password or the private key generated by the user. Because they are not keeping their user’s password or keys they cannot decrypt your data to see the contents.

Your data is much safer from breaches or attacks on the provider, because they are not storing passwords hackers could not retrieve them and because the data remains encrypted at all times; the hackers are left with encrypted files that are very difficult to decrypt. Lastly, governmental entities cannot spy on your data and if requested the cloud storage company can only provide encrypted files when subpoenaed.

Examples of services like this would be SpiderOak or you can use the services of CipherCloud to encrypt the data sent to Dropbox. Several online backup services offer this as well but you have to set it up. It is not configured by default, I’m a fan of BackBlaze, and it works well with Mac’s allowing me to generate my own private encryption key.

There are so many cloud providers out there, before you pick one carefully review their privacy policy. Make note of what they are collecting about you while you use their service. Most companies have to collect some data just to provide the service but that doesn’t mean they need your contacts or your exact location. You should also see who they share it with, is it advertisers or with 3rd party providers. Make sure you are ok with how they share your data and what the do with it. The cloud doesn’t have to be a scary place to store your data, research the provider and then make your choice as an informed consumer.

-Neo