For many people security is one of the major issues when it comes to sending your files into the cloud. They worry about their files being seen or even compromised by other people because that’s what happened in the past. User accounts have been hacked, cloud storage systems failed, files and personal data were exposed.
Here are some of our recent articles covering the vulnerability of Dropbox and other cloud storage systems:
- Is Dropbox’s Security Truly Poor?
- Snowden Slams Dropbox’s Lack of Privacy, OK’s SpiderOak
- Almost 7 Million Dropbox Accounts Compromised
- A Look into the Aftermath of The iCloud Hack
A part from this guide we’ve covered TrueCrypt in our Ultimate Guide in Using TrueCrypt For Dropbox. However, TrueCrypt is no longer developed therefore there may have opened security holes that are not being fixed. So how can you effectively prevent that from happening even if your account gets hacked or something happens to your cloud storage provider?
The Answer is Encryption
Encryption is the process of making your files unreadable with an encryption key or pass phrase so that even if somebody gains access to your files – it doesn’t matter because the only thing an intruder sees is gibberish. Only with the key you can properly see what’s in a file.
In this article we’ll show you how you can make your files secure and use cloud storage safely without any worries. Basically, when it comes to encrypting your files in the cloud you have two options you can choose from. You go for a cloud storage service with built in (local) encryption or you use a service that encrypts files or folders for you.
Either way, both methods have advantages and disadvantages.
If you go with a dedicated secure cloud storage service you might need to change your whole setup transferring files to that particular service, make yourself familiar with how it works and probably sacrifice some third-party support, especially if you come from the most popular cloud storage and syncing service Dropbox.
On the hand you have everything under one hood and you don’t have to worry about file security and integrity any more. We’ll show you some services that we like
Service For Encryption Only
If you’re using a service dedicated to encrypting your files you’ll have more control over what files you’d like to encrypt and where you’d like to store files. For example, you can choose Dropbox, if you like that service, and not sacrifice security after proper file encryption.
On the other hand it might take longer for your files to be synced properly if you’re using third-party apps to encrypt them.
Either way, we believe it is necessary to protect your files with proper encryption especially if you’re using Dropbox to manage your critical files such as password databases, contracts or other important personal/business files.
BoxCryptor is a powerful encryption service for all your files that you plan to store online with a cloud storage service such as Dropbox or SugarSync. It is available for all major operating systems (including Linux) and mobile devices.
The best part: it is absolutely free unless you need to encrypt multiple drives or if you’d like to encrypt file extensions as well. For the purposes of this article we’ll show you the free version which is more than enough for the majority of users.
Getting Started With BoxCryptor
Getting started with BoxCryptor is as easy as installing any software on the Mac or PC. In our case we’ll use a Macintosh. BoxCryptor will add a new drive to your operating system that you can use for all things encryption.
Then you can specify a folder where you’d like those files to be stored. BoxCryptor will then create a folder appended with “.bc” to indicate that those files are indeed encrypted. You can, of course, store that folder in your Dropbox to sync files securely (finally). You’ll now have to move on to the next crucial step which is choosing an encryption password.
Choosing Your Encryption Password or Passphrase
Choosing your personal passphrase in the most important step. If you lose your password there will be no chance to restore your data because BoxCryptor does not store any password related files.
That’s the whole idea behind it. Only you should have access to your files. Make sure you choose a random secure password of at least 8 digits with symbols. Memorize it! And better yet: don’t configure your password to be remembered.
Moving Your Files to Your Secure Box
Now it’s showtime! Move your files to your secure BoxCryptor drive/folder and watch the magic happen. At first sight, you might now be able to see the difference, especially when you’re using the free version. The file looks virtually the same from the outside (filename and file extension).
So, if anybody were to get to your files somehow they would technically be able to see the file name. If that’s too much for you, you need the paid version of BoxCryptor. However, from the inside this file will only look like gibberish if the person does not possess your passphrase.
BoxCryptor – Encrypted File View
If somebody was able to get your Dropbox login information, this person could enter your boxcryptor.bc folder – absolutely.
Also, this person could download your files – BUT without your decryption passphrase the only thing this person sees is a jumble of numbers and letters.
If you don’t like the idea of installing another software on your computer just for encryption purposes, you might find the idea enticing to sign up for a dedicated cloud solution that will have built in local encryption for all of your files. Now, there are a couple of those solutions available: there is Cubby, Wuala and SpiderOak.
What Makes SpiderOak Secure?
SpiderOak is not only a cloud storage service. It can also be used for online backup (read here what’s the difference). They have established a zero-knowledge privacy which basically means they can’t read your data even if they wanted to. That is done via local encryption with a passphrase of your choosing.
Just like Dropbox SpiderOak gives you 2GB of free storage to play around with it.
With SpiderOak you can backup your files and share and sync your files. While SpiderOak is not as easy and intuitive to use as Dropbox it’s local encryption feature combined with server side AES encryption makes it very secure for your most important files.
Selecting Files for Backup
In order to get started with SpiderOak you can signup for free at www.spideroak.com. You’ll get 2GB of cloud storage. These days 2GB is nothing, if you consider other option such as MEGA that'll give you 50GB.
However, MEGA is not really for backup. Your next step is to select files for backup that you’ll upload to SpiderOak’s servers. Again, your files are being encrypted locally before sending them anywhere. That makes it a pretty secure alternative to Dropbox or other syncing services.
Start Syncing Your Files
SpiderOaks syncing strategy is a little different than you might be used to if you’re a Dropbox user looking for an alternative. You do not have a centralized “sync folder” where you put all your files that you want available on other devices. Instead, you select two folder that you want to keep in sync at all times.
These can be all folders that you previously selected for backup. Doesn’t matter if that was on your laptop or desktop computer. So now, whenever you change a file in any of those two folders the contents will get mirrored to the other.
Frankly, we think it’s not very well presented in the software itself as it takes a while to wrap your head around this.
Create multiple syncing folders
SpiderOak lets you create multiple synchronization destinations. So it’s no problem to create “syncing sets” that allow you to organize your syncs better than just stuffing all your files into one folder.
Probably, you’d like to have one folder that only syncs files from your PC at work with your desktop at home but not with your laptop. There are quite a lot of option with SpiderOaks file syncing capabilities once you understand how they are intended.
If you are a heavy Dropbox user and are very used to its benefits as well as limitations probably the best way is to go with BoxCryptor. It integrates well with Dropbox or other syncing services like Livedrive.
If you’re just starting out with cloud storage but worry a lot about file security we highly recommend you trying out SpiderOak for free. If you don’t like it you can switch to BoxCryptor any time because it’s free. At first, it’s not that easy to wrap your head around SpiderOak’s security and file syncing concept but once you ‘get it’, there are quite a lot of possibilities there.
What solution do you prefer? Share you experience with out community!