Modern offices are all about minimalism.
Making optimum use of space to maximize flexibility and convenience has positive effects on employees and can increase productivity.
In offices that have adopted the minimalist approach, open spaces are preferred as long as intensive work is not the norm. People are free to work wherever they like, giving them more freedom and allowing them to choose an environment that’s most comfortable for them. This has also birthed the concept of coworking spaces.
One of the most substantial effects of all this is the inclusion of cloud storage in our daily lives.
Not long ago (a decade maybe), only IT experts knew anything about data and backups. Now almost all of us do it on a daily basis, backing up our documents, pictures and other personal data onto cloud storage.
Thanks to the minimalistic approach to modern office design, businesses now rely on cloud storage to maintain open spaces and reduce clutter. As the reliance on cloud storage for both personal and professional use grew, an undeniable truth made itself known: cloud storage is a convenient storage option, not a secure one.
The importance of the cloud in our daily lives has made the topic of secure cloud storage as necessary for the common man as it is for the professionals. This is why we’ll try to cover everything you need to know about it below.
What Is the Cloud?
The cloud is basically one or multiple storage devices (hard disks) connected to a network. It’s accessible through an internet-based interface in the case of a public cloud service or on a private network for a private service.
Any data that you access through the internet or through a network is stored in the cloud. This can include anything from your Facebook pictures to your emails to documents on your Google Drive.
The apps you use are the interface through which you access your data. These apps interpret the data stored on the cloud and present it to you in the way that aligns with the medium used for the specific app.
On the other hand, Dropbox and Google Drive give you a file explorer experience and present a simpler data-driven design where raw files can be accessed without being formatted for a particular app.
What Is It Good For?
The cloud gives users the following benefits:
- Data can be saved without considering space limitations on their machine.
- They can access their files from anywhere.
- There are no added costs for new hardware or overhead for managing it on an organizational level.
These benefits, while they do make work easier, create a false sense of security for the user.
Are There Any Possible Drawbacks?
Unfortunately, these same benefits give rise to some risks:
- Since the data can be accessed from anywhere, it can be accessed from a number of places which may not be secure.
- The abstraction of limitless space hides possibly flawed business logic.
- You don’t have any control over the physical space where the data is stored.
Businesses rely on secure data to be successful and individual users expect what they upload to the cloud to be stored securely.
This is why, whether you run a business or not, you must make sure that the cloud service you use is secure.
Choosing to use any of the popular cloud services takes you a step closer to having secured cloud storage space. Your data will be behind a password on the cloud, hosted in a remote location owned by a company that keeps it secured more than an individual person likely could.
Third parties that provide cloud solutions make sure that the data they’re hosting is secured. There are a number of ways of achieving that. Some popular examples are:
The third-party cloud services provider makes sure that the premises where the data storage devices are located cannot be accessed by an unauthorized person.
These facilities are heavily guarded, have special biometric locks, are monitored at all times and even have protection against natural disasters.
Copies of the same data are kept in more than one place simultaneously. This measure ensures that in case of breach or malfunction, the data lost at one site can be recovered from the data at another site.
This requires the data to be synced across all cloud locations whenever a user updates the data they’re storing on the cloud.
Special firewalls are used to check the transfer of data between the user and the storage space. Not only that, but the data transferred is also checked on a packet (unit of data in travel) level to see if it matches any newly detected threat or virus.
These firewalls ensure that the users’ data won’t get corrupted or accessed by unauthorized personnel.
No matter the kind of storage system used by the cloud service provider, it has to be managed and taken care of. This is done by database administrators and other experts through their own accounts on the cloud.
These professionals don’t have access to the entirety of the data stored on the cloud. They’re blocked from accessing certain parts of it by internal firewalls.
Users’ IP addresses can be tracked to give their approximate geographic locations. This information is in turn used to check for suspicious activity.
For example, if a user logs in from Asia and then later logs in from Australia within the same day, that user’s activity will be marked as suspicious and will be handled accordingly.
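The check described above can be sketched as follows. This is an added example, not code from any provider: it goes one step beyond "same day" by flagging a login pair only when the implied travel speed is faster than a passenger flight. The login records, coordinates and the 900 km/h and 100 km thresholds are constructed assumptions.

```javascript
// Great-circle distance in km between two {lat, lon} points (haversine formula).
function haversineKm(a, b) {
  const R = 6371; // mean Earth radius in km
  const rad = (deg) => (deg * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * R * Math.asin(Math.sqrt(h));
}

// Flag consecutive logins by the same user whose implied speed exceeds maxKmh.
// Hops under minKm are ignored because geo-IP locations are only approximate.
function findImpossibleTravel(logins, maxKmh = 900, minKm = 100) {
  const lastByUser = new Map();
  const alerts = [];
  const sorted = [...logins].sort((x, y) => Date.parse(x.time) - Date.parse(y.time));
  for (const ev of sorted) {
    const prev = lastByUser.get(ev.user);
    if (prev) {
      const km = haversineKm(prev, ev);
      const hours = (Date.parse(ev.time) - Date.parse(prev.time)) / 3.6e6;
      const kmh = km / Math.max(hours, 1 / 60); // avoid division by zero
      if (km > minKm && kmh > maxKmh) {
        alerts.push({ user: ev.user, from: prev.city, to: ev.city,
                      km: Math.round(km), kmh: Math.round(kmh) });
      }
    }
    lastByUser.set(ev.user, ev);
  }
  return alerts;
}

// Constructed sample events (users, times and coordinates are made up).
const SAMPLE_LOGINS = [
  { user: 'alice', time: '2024-03-01T09:00:00Z', city: 'Singapore', lat: 1.35, lon: 103.82 },
  { user: 'alice', time: '2024-03-01T11:00:00Z', city: 'Sydney', lat: -33.87, lon: 151.21 },
  { user: 'bob', time: '2024-03-01T01:00:00Z', city: 'Singapore', lat: 1.35, lon: 103.82 },
  { user: 'bob', time: '2024-03-01T13:00:00Z', city: 'Sydney', lat: -33.87, lon: 151.21 },
  { user: 'carol', time: '2024-03-01T08:00:00Z', city: 'Tokyo', lat: 35.68, lon: 139.69 },
  { user: 'carol', time: '2024-03-01T11:00:00Z', city: 'Osaka', lat: 34.69, lon: 135.50 },
];

console.log(findImpossibleTravel(SAMPLE_LOGINS));
```

Only the two-hour Singapore to Sydney pair is flagged; the same trip spread over twelve hours is a plausible flight and passes.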
Event Logs and Audit Trail
Detailed logs of network activity are saved to find suspicious activity.
In case of an issue, an audit trail can then be checked and verified to see details of past events and actions, along with the users who performed them.
These logged events can later be analyzed to build a narrative that helps understand the network activity related to the event. This helps in mapping and identifying patterns to avoid issues in the future.
Intrusion detection systems are used to stop anyone who tries to break into the system. Even in the case of intrusion by a hacker, intrusion detection systems are able to identify and stop the intruder’s advances to the internal systems.
These are monitoring systems that observe the network for a pattern of activities and policy violations, and then use them to identify an intruder.
One of the most important (if not the most important) techniques of them all is encryption. Through encryption, your data is converted into incomprehensible code which is meaningless to anyone without the key to return it to its original form.
Even if hackers gain access to it, the data in this form is worthless to them.
Things to Ponder: Is It Enough?
Keeping the data in a secure place is one part of the solution to securing the cloud. The other part involves looking into other factors which may affect the integrity of saved data. These threats to data security include:
Even the most well-designed systems have one vulnerability: human error.
In the case of data breaches, the most common cause is human error, followed by system or process failures.
Human error is a broad term and can mean any number of things. The most common types of human error that lead to data breaches involve:
An employee with access to a business’ data or an individual uploading their own data to the cloud becomes the weakest link in the system when they choose a simple, weak password. These passwords can easily be guessed by a hacker or cracked with a computer within minutes or even seconds, leaving data unsecured.
Perhaps a strong password has been chosen, but it’s been written down in an unsecured place. This can include storing it on your phone or on a piece of paper.
These situations are why everyone is advised to always use strong passwords and set up two-factor authentication if it’s available.
Although organizations are targeted for phishing attacks far more than individuals, the threat remains the same. Scammers present themselves as a member of your circle of friends or network by using fake promotions, emails or user profiles. They then try to steal your identity or copy someone else’s to get into the system.
As such, you need to train yourself to identify phishing attempts and stay away from them.
On an organizational level, special training should be arranged to educate staff on the concept of phishing and how to avoid it.
Not everyone who works in a tech firm is tech-savvy. The same rule applies to consumers using everyday personal devices like smartphones and tablets. However, this doesn’t excuse them from following policies and procedures to ensure data security.
Some form of education is required to make sure that people learn the best practices for data security and privacy. This is true whether you’re an individual hoping to protect your own data or an employee charged with protecting the data of your employer.
Note: Further issues include the usage of unauthorized sharing software or malicious internet usage.
This takes us to the factors which we have little to no control over. Depending on the severity of your need for a cloud solution, you’ll need to look into the following factors to ensure that the company you choose keeps your data intact.
You need to see whether the company keeps different versions of your data or simply keeps the most recent data.
Depending on the kind of work that needs to be performed on the stored data, a revision history may be required which keeps track of when a change occurred, what was changed and who made the change.
There may be a limit on the number of revisions that are stored or a date up to which the revision history is recorded. Check it out to know what to expect when you upload your files.
What happens if you decide to close your account with the cloud service? Does the company remove all the data they stored for you or does it stay in their system?
The company must ensure that they delete all your data when you choose to close your account. Failure to do so puts the security of your data at risk.
What kind of encryption does the company offer? Is it state-of-the-art, military-grade AES 256 or something else? Are the encryption keys stored with you or with the company?
While it may seem like a smart and convenient choice for the encryption keys to stay with the company, some situations may arise that make it a less secure option.
The company will have the power to recover your account but they’ll also have the power to read your data.
What if the government wants to see your data? What if the company decides to sell it for marketing or analysis purposes? Similar things have happened in the past. Why not now?
Does the company provide you with the option to keep the keys yourself? If not, you may want to find another cloud storage option.
Change of Ownership
Then there is the less common case of a change in ownership of the company where you’ve stored your data.
The company’s policies can change under the new owners, and if they do, they’ll have an undeniable impact on your data. No matter how secure it was before, if the company has the tools to decode it, there will always be a threat to your security.
This issue can be avoided if you encrypt your data before sending it to the cloud and keep the encryption keys.
What Should You Look At?
The concerns raised above place a serious question mark in front of the supposed solution to securing cloud storage.
Even after putting special techniques and technology in place, you still can’t be sure if the cloud storage is secured.
The only answer to this riddle is to see if the cloud storage company offers an end-to-end encryption (E2EE) solution.
This is one of the techniques of data encryption. In E2EE, the data is encrypted before it is transferred to the cloud and stored. The encryption keys are not at the company and thus nobody at the cloud storage company can decode and read your data.
This way, all the concerns are answered regarding the security of your data. Even in the case of the company changing owners, data being sold, breached or hacked, no one besides you can read it.
Even if your account is closed and your data remains in the company’s system, it’s still unreadable by anyone. This will remain true until significant advancements in computer technology are made that can break encryption with brute force in significantly less time than is currently possible.
Please note that E2EE is not TLS. TLS is a protocol that helps secure data when it’s being transferred from one point to another. It’s usually offered by cloud storage providers.
TLS can be broken, theoretically. E2EE, on the other hand, encrypts data before sending it and decrypts it after it receives the data back from the cloud.
It has the same effect as using a good VPN service while surfing the internet. Nobody knows the content of the data except the users themselves.
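The encrypt-before-upload flow described above, as an added example using Node.js's built-in crypto module (not code from any cloud provider). The passphrase, file name, blob layout and the Map standing in for the provider's storage are constructed assumptions.

```javascript
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from a passphrase that never leaves the user's machine.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt locally with AES-256-GCM; the returned blob is all the provider stores.
function encryptForUpload(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // Blob layout (an assumption of this example): salt(16) | iv(12) | tag(16) | ciphertext
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

// Decrypt after download; only someone holding the passphrase can do this.
function decryptAfterDownload(blob, passphrase) {
  const salt = blob.subarray(0, 16);
  const iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  // final() throws if the key is wrong or the stored blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// Constructed demo: a Map plays the role of the cloud provider.
function demo() {
  const passphrase = 'correct horse battery staple';
  const doc = Buffer.from('Q3 payroll draft (constructed sample)');
  const cloud = new Map([['payroll.txt', encryptForUpload(doc, passphrase)]]);
  const stored = cloud.get('payroll.txt');
  const fails = (blob, pw) => {
    try { decryptAfterDownload(blob, pw); return false; } catch { return true; }
  };
  const tampered = Buffer.from(stored);
  tampered[tampered.length - 1] ^= 1; // flip one bit on the "provider" side
  return {
    roundTrip: decryptAfterDownload(stored, passphrase).toString(),
    providerSeesPlaintext: stored.includes(doc),
    wrongPassphraseFails: fails(stored, 'guess'),
    tamperDetected: fails(tampered, passphrase),
  };
}

console.log(demo());
```

The wrong-passphrase case also shows the trade-off of holding the keys yourself: without the passphrase, the stored blob cannot be recovered by anyone, the provider included.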
Testing the Claim
Besides the E2EE service that the cloud provider offers, the company also needs to be clear about how they manage E2EE.
The company must be open to third-party auditors who can independently test its claim of providing the E2EE service and can approve its usage.
The combination of E2EE and the third-party assurance of the service provides the ultimate secured cloud experience when combined with the other techniques we’ve shared above.
The risk, on the other hand, is that the burden of keeping the password and keys for your storage is on your shoulders. If you lose them, they’ll likely be impossible to recover.
So, before you choose a cloud service provider, think about what you’re looking for and then choose the one with the right combination of ease, security and access.
No one solution is perfect for everyone.