It’s becoming nearly impossible for the modern Internet user to avoid using the cloud. Cloud storage streamlines the process of accessing information and collaborating on projects regardless of location, making the service invaluable for many people in both their work and personal lives.
For users of consumer-oriented platforms like Google Drive and Dropbox, storing information in the cloud is a relatively painless process. Yet, the simplicity of cloud storage means that you may not think twice about uploading all types of information to these platforms, including sensitive documents with financial or medical data.
However, you may be putting your information at risk by storing it in the cloud. Even though cloud storage providers implement security safeguards and processes, it’s important that you don’t put all your trust in them.
Data shows that people who use the cloud want better cloud security education. In a survey of 1,001 cloud-based application users, Clutch found that 40% believe “better user knowledge” is the best way to improve cloud security.
With this data in mind, we asked Alex Miller, Clutch’s Senior Analyst in charge of cloud research, to share some tips for how to make the data you store in the cloud more secure.
1. Take Responsibility for Learning More About Cloud Security
It’s easy to trust that once you upload a document to a cloud storage service, it’s safe and secure, especially given some providers’ distinguished reputations.
However, in reality, cloud security is a two-way street. A provider’s best encryption will fail if you fall prey to a phishing scam that steals an easily guessed password that you haven’t changed in four years.
Data shows that users are beginning to recognize their personal role in keeping their data safe in the cloud.
According to a recent survey of people who use cloud-based applications, 42% believe that the responsibility for cloud security falls equally on the user’s and the cloud provider’s shoulders. This awareness of a shared responsibility means users may begin taking the proactive steps necessary for protecting their information in the cloud.
“If you go into the process of storing information in the cloud with an understanding that security is an equal share and that you and the provider have to be responsible, then you’ll likely understand the steps necessary to encrypt your data, keep your programs secure, and have a secure password,” said Miller. “Then, you can leave the more technical aspects and high-level security to the provider itself.”
Taking responsibility for cloud security may mean you turn on two-factor authentication or set a notification to change your password as recommended.
Improving the security of the information you store in the cloud doesn’t start with teaching potentially confusing technical details. Instead, it starts with changing perspectives. Users need to recognize that the responsibility for cloud security falls at least partly in their own hands and educate themselves accordingly.
2. Read Up on the Security Your Provider Already Offers
One of the simplest steps you can take toward securing your data in the cloud is to research the security features your cloud provider offers, as well as what actions you can take to increase that security.
Most providers have some sort of “trust center” that is a hub for this sort of information. Take Dropbox Business’ Trust Guide, for example.
If you use Dropbox for work, you can rely on its Trust Guide to learn more about Dropbox’s architecture, encryption, and disaster recovery response, among other topics.
Perhaps more significantly, though, you can learn about active steps you should take to protect the data you store.
“The Dropbox Trust Guide walks you through how to set up two-factor authentication,” said Miller. “It also walks you through other available features, like single sign-on and role-based access. Role-based access, for example, only allows certain users to access particular files and also gives you the ability to revoke that access.”
Features, such as two-factor authentication and role-based access, add an extra layer of security to your data, greatly decreasing your information’s vulnerability.
Enterprise-oriented services, like Amazon Web Services and Microsoft Azure, also offer trust centers. Their hubs provide an array of resources and explanations, given the serious implications of a corporation’s compromised data. For example, through their centers, you can request penetration testing or learn more about threat management. To learn more about the complexity of cloud storage at a larger scale, these websites may be worth a look.
The average consumer likely doesn’t need such a high level of detail though, and can stick with their regular provider’s resources.
3. Compare Your Cloud Storage Provider Options
One of the best ways to make an informed decision about cloud security is to simply know all your options.
So, you read through your current provider’s security offerings. What if another company has better services though?
Miller's team collects and organizes reviews, data, and case studies of a variety of cloud storage options, sharing an overview of their basic security features.
“If you’re working with a common provider such as Google Drive or Dropbox, it’s great to know what their encryption standards look like,” said Miller. “Do they have role-based access, what kind of files can you use on those systems, and what regulations can they comply with? Those security features are all areas that you can easily identify and compare going through our site, keeping you informed prior to selecting a cloud storage provider.”
Clutch's research features a list of cloud storage providers, both enterprise- and consumer-oriented. The target audience is specified in the “Made for” box, so users can easily identify if the provider suits their needs.
By clicking on the “View Profile” button of each storage provider and scrolling down, you’ll see a simple overview of the security features offered by these platforms.
For example, Dropbox’s profile shows if the provider is compliant with three widely enforced regulations for cloud security – HIPAA, PCI, and ISO.
HIPAA deals with the security of healthcare information, PCI concerns financial and payment information, and ISO is a more general standard of security. So, if you are a small business looking to store financial information, it’s helpful to know if the provider is PCI compliant.
The best weapon against confusion is knowledge. Take a moment to educate yourself on existing options to better inform your cloud storage decisions and behaviors.
4. Attend a Conference or Training
Most cloud users likely can find a resource on the Cloud Security Alliance (CSA) that will help them better their cloud security practices, especially if they are seeking to improve their skills for professional reasons.
CSA is a non-profit organization that promotes cloud security education around the globe through research, training, and community building. They call themselves the “world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.”
One of CSA’s key strengths is its reach – they have a presence on every continent except Antarctica. Given that support, they can target a wide range of cloud users.
“The overall goal of the CSA is to promote and educate businesses and users on best practices for all cloud situations, no matter if it’s an enterprise cloud segment or small business cloud storage solution,” said Miller.
CSA offers trainings and certifications to test cloud security proficiency. For example, the upcoming CSA Federal Summit in Washington, DC is free for government attendees and includes CCSK (Certificate of Cloud Security Knowledge) Foundation Training to help users learn about the “14 domains of cloud security.”
Attending an in-person event is a bigger leap than many average users are willing to take when it comes to improving their cloud security knowledge. However, this type of active learning may be worth the effort for a more comprehensive education.
5. Encrypt Your Sensitive Information Before Uploading It to the Cloud
Are you concerned that your information may still be at risk, despite your cloud provider and your best efforts? Tools like Boxcryptor and Cryptomator give you the power to encrypt your data before storing it in the cloud, ensuring that even if the cloud storage provider is compromised, hackers cannot easily access your data.
Encryption works by protecting your data behind a key. When encrypted as “ciphertext,” your data reads as a string of meaningless characters. By using the key, however, the data can be translated back into comprehensible information.
Storage providers, such as Dropbox and Google Drive, encrypt their data. However, these providers also hold the decryption key. With Boxcryptor and Cryptomator, a password you create protects your personal decryption key. Thus, even if a provider is compromised, hackers are stopped by your password-protected personal encryption.
You may not realize that inexpensive options for security exist separate from your cloud storage provider.
“It’s important for consumers to understand that this is an option,” said Alex. “You do have the option to encrypt and secure data outside of the typical measures implemented by your storage provider.”
These tools are an excellent option for highly sensitive information. They are likely unnecessary for your everyday inessential data storage though.
6. Consider Storing Your Data With a Zero-Knowledge Provider
Another option for secure cloud storage is using a “zero-knowledge” provider, such as SpiderOak or Tresorit. These services use a client-side encryption key, meaning that only the client has the ability to decrypt data. Thus, employees at SpiderOak, for example, have no way of accessing client information stored on their platform.
Zero-knowledge providers may not be ideal if you’re forgetful. “Basically, if you lock yourself out of your account or lose your data, they can’t retrieve it for you,” said Miller.
However, Miller still believes that despite the risks, zero-knowledge providers should not be overlooked because of the security benefits they offer.
“Zero-knowledge providers are one of the most secure ways to store data, so they are really great for individuals storing healthcare documents, personally identifiable information, or other data that absolutely cannot be compromised,” he said.
Zero-knowledge providers thrive in an era of surveillance-heavy paranoia. Their marketing occasionally riffs on the fear that large technology companies, such as Facebook and Google, have potentially questionable loyalties when it comes to user privacy. For example, the famous 2013 leak of the government program PRISM by Edward Snowden had Internet users concerned that the National Security Agency could mine private information from popular websites.
To distance themselves from companies with potentially less stringent privacy standards, zero-knowledge providers loudly proclaim their commitment to confidentiality and their inability to access your data. Furthermore, these providers are almost as simple and easily accessible as other popular services, such as Google Drive and Dropbox.
While this level of security isn’t necessary for everyone, it’s worth investigating to learn more about different styles of security among cloud storage providers.
Don’t Disregard the Importance of Cloud Security
According to our survey of 1,001 cloud-based app users, there’s a greater understanding of the need for better education when it comes to cloud security. Therefore, these six tips from Clutch’s Senior Analyst Alex Miller aim to offer advice – ranging from the general to the specific – for educating yourself on cloud security and protecting your data from vulnerabilities.
- Take responsibility for learning more about cloud security
- Read up on the security your provider already offers
- Compare your cloud storage provider options
- Attend a conference or training
- Encrypt your sensitive information before uploading it to the cloud
- Consider storing your data with a zero-knowledge provider
You may not have security on your mind when you deposit a file in Google Drive, Dropbox, or another cloud storage service because the platforms are so easy to use.
“As long as it works the way it’s supposed to work and your data is there when you need it, users may not think they have a reason to worry about security," said Miller.
There are many reasons for cloud storage consumers to be concerned, though, from confusion about what safeguards a service has in place that can exacerbate security vulnerabilities, to rare hacks that expose personal information to nefarious individuals.
User education is the best means of improving cloud storage security and decreasing risk. Use these tips and resources to start educating yourself before it’s too late.
About the Author
Riley Panko is a content developer and marketer at Clutch, a B2B research firm in the heart of Washington, DC. Her research focuses on the cloud. Reach out with questions, comments, or concerns at [email protected]