Moving your files into the cloud comes with risks as well as advantages. In this article we’re going to take a look at who has access your cloud storage, as well as some simple ways to prevent unauthorized access.
While having your data stored in your personal cloud storage makes life easier, the fact that you use a third-party hosting provider complicates things a bit. One worrying fact is that your data is stored on servers that belong to someone else and over which you have no control.
Who Has Access?
Whether you like it or not, storing data in the cloud means someone else gets to see, and even access, it (unless you go for a zero-knowledge provider, that is).
In cloud computing you move your data, applications and processes into third-party domains that you then access remotely. Whomever you entrust your data to will, therefore, be able to see it, and that’s a fact you have to accept.
Your hosting provider is responsible for the storage and safety of your data. While we can safely say that most of their employees can be trusted to do their work in a professional manner, there will always be the bad apples that will either lose or steal your data.
Disgruntled employees pose a threat as they will sometimes look for ways to get back at their employers. The higher up the food ladder these employees are, the greater the risk they pose to your data.
This, unfortunately, is a scenario you can’t control. All you can do is look for a reliable provider. However, know that even the best cloud storage providers can have rogue employees.
Then there are the ex-employees that have left but still hold a grudge against their former employers. They could try to get back at them from the outside by going after your data.
Contractors working for your hosting provider could also be allowed to handle your data. This adds one more circle of people that will handle your data and thus increases the risks you will have to face.
Whenever possible, opt for a hosting provider that is self-reliant and handles all aspects of your data’s storage internally.
People don’t necessarily need to have worked for either you or your hosting provider to want to steal your data. External hackings and malware attacks are on the rise with major data breaches grabbing headlines almost every other week.
Finally, the fact remains that many countries in the world have their citizens’ data under scrutiny. Your data won’t avoid those prying eyes either; if they set out to track your online activities they will get to it. There’s actually nothing much you can do in this case. With governments controlling national digital grids, they pretty much have free rein regarding their citizens’ data.
Steps to Take as an Individual
Here are a few measures you can take to improve your data security, for a full overview, make sure to read our online privacy guide.
Be Careful with Passwords
Only you should know your passwords. It is confidentiality that makes for a strong password. Creating a password, and then writing it down on a Post-it note isn’t wise. Anyone can come across that note and use it to access your data. If you have a hard time remembering passwords, consider using password managers.
Remember to Log Off
Always log out after you are done working on cloud data. Develop the habit of logging out of all websites including emails and social media accounts. That way, even if you leave your device unattended (or it gets stolen) your data remains safe. Also, configure your browser to delete all historical data (including passwords) when you close it.
Don’t Trust Public Networks
Never access your cloud data on public devices. You can’t be sure what kind of malware has been installed on them or what sorts of viruses are lying in wait for you. Whenever possible, avoid accessing sensitive information through a public WiFi connection. If you must do it, do so with utmost care; take precautions and keep your access of confidential data to a minimum.
Go Easy on the Downloads
Don’t install software packages unless you are sure what they do and it has been proven that the companies that make them have stellar reputations. Even then, be careful; software that had previously been thought to be safe have later been found to be otherwise.
Steps to Take in a Business
Looking into ways you can protect your business’ data, we have the following.
Draft, and enforce, an IT policy that covers data access, usage and protection which your staff should then strictly adhere to. Your business’ security is only as strong as the weakest link — a reckless employee.
Let them know about the dangers of ignoring policy so they know why they have to follow them in the first place. Organize meetings, tutorials to explain why it is important for everyone to keep their devices secure. Explain how one slip up could put their jobs and even the business at risk.
No one should be granted access to any soft- or hardware without the proper authority. Company devices should be administratively locked so only authorized applications run on them. Only tech support should have full administrative control over software installation and device maintenance.
Strict Role Assignments
Audit roles regularly to remove privileges and accesses that are no longer required. Account privileges can be delegated to HR who can then authorize the creation of new accounts, upgrades/downgrades as an employee moves around the company and delete accounts when they leave.
Steps to take in the cloud
Finally, let’s look at steps you can take directly in the cloud.
Making sure you have a well-tested backup plan in place guarantees a quick recovery in case of an attack. So, opt for a hosting package that includes regular backups.
Keeping an eye on your cloud hosting provider’s upgrade schedules ensures no exploits exist for hackers to take advantage of. Regular meetings should give you an idea on how often they patch their applications and software.
Protect Your Data
Have the latest versions of the best antivirus, anti-malware and network security technology in place. Always go for a company that takes its server and network security seriously.
Do a cost-analysis to see if encrypting your data will be worth the latency it might cause due to encryption/decryption times. While you might think this slight delay is insignificant, it isn’t. Every second a page takes to load, for example, affects things like your SEO ranking and UX (user experience).
Also, whenever you need to transfer sensitive data using one of our best VPN picks will thwart eavesdroppers and data hijackers. However, make sure the VPN software itself isn’t stealing data from you.
If you have any doubts about your data hosts’ security setup, keep your confidential data off their servers. You can instead create a secure data environment locally where you will be able to keep a closer eye on it. This, though, will mean you need to invest in servers and their maintenance.
Take Care with Overseas Servers
Make sure you read the small print about who owns your data — and under what conditions — to avoid costly litigation battles with your cloud storage provider. This is especially true in cases where they store your data on overseas servers. Should a falling out occur between you and your storage providers it could quickly turn into a legal nightmare as you try to recover your data from them.
Finally, remember that the struggle to keep the bad guys at bay is an ongoing one with the baddies staying one step ahead of the people trying to stop them. But, with the tips we have seen above, you will ensure that you keep your data safe.
None of the above means you shouldn’t store data in the cloud. It just means you need to take the necessary precautions and your data will remain safe. Just follow the rules:
- Use strong passwords and adhere to IT policies
- Secure your hardware, software and their access
- Audit roles and privileges
- Pay for quality storage and services
- Avoid accessing sensitive data using public networks and devices
- Encrypt data, use VPNs
- Use your own servers if you want to keep full control
Follow these tips and you should be able to secure your personal cloud storage from attacks. Finally, never forget that the digital world is a rapidly evolving one which means you will need to regularly keep yourself updated on how to keep your data safe.