If you’re shopping for cloud storage, chances are you want a provider that keeps your files secure. What should you look out for when choosing a secure cloud storage provider? We go over a few things to keep in mind while shopping.
Note that when we say “secure,” we mean that your files are safe from outside attacks, as well as from snooping by the provider itself. Sadly, not all cloud storage is created equal and finding a service that respects your right to security and privacy isn’t as easy as you may think.
“Secure” Cloud Storage
Quite often, cloud storage providers will try to lure you into signing up by telling you that their service is secure because it has “military-grade encryption.” This is nothing but marketing speak: what it refers to is the use of the Advanced Encryption Standard with 256-bit keys (AES-256) to encrypt information, together with the Secure Sockets Layer / Transport Layer Security (SSL/TLS) used for the overwhelming majority of Internet connections.
At the time of writing, AES-256 has not been cracked, and cracking it has not been possible within any reasonable timeframe, so it is a great cipher to use. It is, however, sometimes presented as special in some way when in fact it is easy to implement and widely used. All kinds of services and apps use it to encrypt data, including cloud storage services and Virtual Private Network (VPN) services.
Data at Rest and in Transfer
When your data is encrypted matters much more. Many cloud storage providers, maybe even a majority, use a two-step process. When you send data from your hard drive, they use SSL/TLS to encrypt your data in transit, then once it arrives on their servers, they decrypt it and re-encrypt it for storage using AES-256. When you download data, this process is reversed.
This may seem like a good idea at first glance, but there is an issue: for a brief time, your data is not encrypted while on the service’s server. This means that they can see what you’re storing and even access the files. If you’ve ever gotten in trouble with a cloud storage service for uploading copyrighted material (Google Drive is notorious for this), this is because they snooped.
Of course, we’re not going to make a stand for copyright violators, but this security architecture can be a serious issue if the provider is compromised in some way. If a cybercriminal were to have access to their servers, they’d have access to your files. There is a way to fix this, though.
End-to-End Encryption
The answer comes in the form of end-to-end encryption, which you’ll sometimes see referenced as E2EE. As the name suggests, this process encrypts your data from one end of the download/upload pipeline to the other. Your files are encrypted on your hard drive and stay that way during transit and at rest until they’re back on your hard drive again.
When using end-to-end encryption, at no point can any unauthorized person access your files. If your provider somehow does experience a breach, all any hacker will find is a bunch of encrypted data which is useless without the password.
When it comes to both security and privacy, end-to-end encryption is much better than the encrypt-then-decrypt-again method. There doesn’t seem to be a good reason why the latter is still used, though there are indications that it’s less resource intensive, besides letting the provider keep an eye on its customers’ files.
Zero-Knowledge Encryption
Another important aspect of cloud storage security is something called zero-knowledge encryption, sometimes referred to as zero-knowledge access. Zero knowledge in this case means that the service you’re using doesn’t know what your password is.
This means that at no point can anyone from that service access your encrypted files. More importantly, even if there is a breach, your password can’t be leaked because nobody knows it. It’s a great system, but does have a downside: you can’t reset your password. Always make sure you use a password manager when creating an account with a zero-knowledge service, or you risk getting locked out permanently.
Keeping Your Files Safe
Between end-to-end encryption and zero-knowledge access, you can rest assured that your files will be safe while in the cloud. When choosing the best cloud storage, it pays to make sure that the provider you choose offers both. After all, they’re your files. Nobody else should be looking at them.
You could always manually encrypt your files before you upload them if you need to use a service that doesn’t offer E2EE, though it does add several steps to the process.
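The manual pre-upload encryption mentioned above, combined with the zero-knowledge idea of a password the provider never sees, as an added example that is not part of the original article. It uses only Node.js’s built-in crypto module; the function names, the scrypt parameters and the blob layout (salt, nonce, tag, ciphertext) are assumptions of this example.

```javascript
// Added example: encrypt on the client so the provider only ever stores ciphertext.
const nodeCrypto = require('node:crypto');

// scrypt cost parameters (assumed values for this example).
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit AES key from the password. Password and key stay on the client.
function deriveKey(password, salt) {
  return nodeCrypto.scryptSync(password, salt, 32, SCRYPT);
}

// Encrypt before upload. The returned blob is everything the provider receives.
function encryptForUpload(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16);   // fresh per file
  const nonce = nodeCrypto.randomBytes(12);  // fresh per encryption, never reused
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Blob layout (assumption of this example): salt | nonce | tag | ciphertext
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ciphertext]);
}

// Decrypt after download. Throws if the password is wrong or the blob was modified.
function decryptAfterDownload(blob, password) {
  if (blob.length < 44) throw new Error('blob too short');
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// True when the blob decrypts and authenticates, false otherwise.
function canOpen(blob, password) {
  try { decryptAfterDownload(blob, password); return true; } catch { return false; }
}

// Constructed sample data, not a real file or password.
const file = Buffer.from('constructed sample: household budget spreadsheet');
const stored = encryptForUpload(file, 'correct horse battery staple');
console.log('provider stores:', stored.toString('hex').slice(0, 48) + '...');
console.log('owner recovers file:',
  decryptAfterDownload(stored, 'correct horse battery staple').equals(file));
console.log('opens with a guessed password:', canOpen(stored, 'guess'));
```

Losing the password here means losing the file, which is the same trade-off the article describes for zero-knowledge services.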