How to Ensure Your Data Survives a Cloudburst
LOOKING BACK ON the past few years, it has become abundantly clear what the trend is for document storage. People are storing documents, photos, and other data in the “cloud,” a buzzword for the nebulous array of services that offer storage in data center
Don’t get me wrong. In terms of data longevity and access, cloud services, such as Dropbox and Google Drive, offer clear advantages over portable drives. Servers have near 100 percent uptime, allowing access at any moment. Distributed data centers mean that catastrophic events won’t necessarily result in data loss from the user’s point of view.
That said, a careful reading of a provider’s privacy statement should give you pause. Google, for example, crawls your documents in order to serve up ads and provide contextual services, such as Google Now. And most US-based companies will hand over access to your data to the US government if served with a subpoena or national security letter.
That’s not the least of it. Data breaches and (spear) phishing attacks can expose your data to hackers, who sell it to the highest bidder, or use it for extortion. More ominously, US courts have basically authorized the NSA and FBI to hack into user accounts without a company’s consent or a warrant. It’s enough to make you want to break out your tinfoil hat and never store anything online again. But there is a way to leverage the convenience and security of cloud storage, while maintaining privacy. It just means taking a hit to the convenience side of things.
The trick is to encrypt your data before uploading it. That way, even if the data is stolen,
US courts have basically authorized the NSA and FBI to hack into user accounts without consent or a warrant.
it is unreadable to the attacker, company, or government without the key to decrypt it. Password managers, such as Dashlane and LastPass, use this methodology in their products. As a case in point, LastPass had user data stolen last year, but because that data was encrypted, it was considered safe as long as users employed a strong passphrase and/or twofactor authentication. (Weak and/or reused passphrases are often the biggest weak points.)
The hard way to encrypt all of this data is to encrypt each file you upload independently. But keeping all those individual passphrases synched can be tedious, even with a password manager. This can be simplified a little by using PGP public keys to encrypt each file, but even that can be tedious, as you have to manually encrypt each one.
The other, more attractive, option is to use an encrypted container or compressed archive file (like a ZIP or tarball). Windows users can utilize VeraCrypt to create encrypted containers. Linux users can use Tomb ( https://github.com/ dyne/ Tomb), which is a front end for cryptsetup and LUKS. Tomb’s features include an easy-to-use command structure, and the ability to hide keys in images or print them out to QR codes. ( Tomb has an experimental Android app, too, but it requires your phone to be rooted.) If you prefer the archive route, you can encrypt the archive with PGP. The downside to the container/ archive approach is that you have to download the whole archive or container each time you want to access a file within it.
Whatever method you choose, encrypting your data before it heads to the cloud is a good practice to adopt in the era of security breaches and mass surveillance. You can’t control whether or not someone gains access to your cloud storage account, but you can control how hardened the data within it is.