« Data in the Cloud » is not a new concept: Wikipedia says it’s been existing since the 1950s. But for the people in general, it is a pretty new concept.
If you are not familiar with « could computing » (like most of the population), Gmail, Hotmail, Yahoo Mail, DropBox, Google Drive, Google Contacts & Calendar, iCloud, Amazon S3, Flickr are examples of cloud computing services.
Putting pictures in the cloud has always seemed a good idea for everyone wanting to share pictures. Flickr.com was founded in 2004 and everyone started to put their pictures there. Sharing pictures online really is an interesting innovation !
But nowadays we hear stories of important website leaks, or accounts hacking and people start to think putting your personal data off-site might not be clever… I think it is clever to do so, but only if you do it cleverly.
First of all, one can note a lot of advantages to put their data online: having contacts on multiple devices at the same time, all synced, having heavy files and pictures online for sharing, emails located offsite saving gigabytes of disk space and allowing for a fast search…
Among all inconvenients, security seems to worry some people. I’m asking this very simple question: what is more secure between:
- Having your contacts or emails managed by Google with thousands of engineers and billions of dollars of servers, security and R&D or;
- Having your contacts or emails located on your personal PC at home, that probably is not protected by a password, probably doesn’t have an up-to-date antivirus and anti-spyware, and using some random email server hosted by your small ISP ?
Because no matter how insecure you think the cloud is, and how true that is: your computer is even less secure !
Of course I am not stating that it is more secure to store all your data online, but I’m saying that if you do it – and you should – you have to do it properly.
Gather Your Information in the Least Number of Providers Possible
Make the complete inventory of all your stuff that is not located on your computer: pictures, movies, contacts, emails, large files, backups, music, calendar…
Then try to find providers that can host the most of it, while having the least providers as possible. Why ? because you want to concentrate your efforts into securing each provider independently.
Try to pick the most trustful providers. For example, Google has Double Authentication (I’ll explain that later in this post).
Also, the least providers you have, the easier it will be for you to remember where your stuff is, and where to remove it from if you ever need to.
Finally, try to pick providers that offer « export » features. You sure want to trust them and be loyal to them, but another company might have a better offer someday and if you want to switch, you must be able to.
What is it ? It means that a single password is not enough to access your data. In the old days (and even nowadays with most of the websites), you only needed a username/email and a password to get into an account, and therefore get access to the data.
Two-Factor Authentication means you need two pieces to get access. A password + a code sent by SMS, for instance. That means a hacker would have to know your password while being in the presence of your cell phone to log into your account. The concept is « something that you know » + « something that you have », Wikipedia says.
There are other ways to have Two-Factor Authentication: an App on your cell phone or a physical token-generator for example.
Lifehacker.com also says you really should turn-on this feature.
If you put large files in the cloud, chances are you use DropBox or an equivalent.
Usually, this kind of service, although very practical, transfer the data between your computer and their server unencrypted. Someone could capture the data in the process…
If you do it for unimportant files, that’s fine. But if you backup sensitive data, or things you would prefer to keep for yourself, you should have another strategy.
I strongly recommend to encrypt the data on your computer directly (that’s the Client-Side Encryption I was talking about) and then transfer it to the cloud.
You could use a small software called SecretSync, for example. Try it !
Or you could also use an encrypted Mac DMG and put it on DropBox directly.
Note: if you use USB keys, you could also use TrueCrypt which does kind-of the same thing.
Transfer Data On HTTPS – a Private & Wired Lan If Possible
On Wifi, your data may be captured by hackers. Same on 3G.
Try to use services that use HTTPS, and try to use a wired lan, at home, if possible.
Backup & Export
If you put your data in the cloud, you will depend on the provider’s service. If it’s not available, your data will not be available. If they get hacked, your data might be hacked or worse: lost.
You should select providers that have « export » features and make sure to always backup your data securely somewhere else.
Use Multiple Passwords
Use a tool like 1Password and make sure the passwords you use for each different service are distinct and extremely strong. Chances are no hacker is going to attempt an attack on your specific account, but if the provider’s database is compromised, you don’t want the hacker to get access to you accounts elsewhere.