How secure are my files in the cloud?
This is a question often asked by everyday people, small business owners and IT admins. However, it breaks down into three questions that look something like this:
- How much protection does my cloud storage account have from being hacked?
- How safe are my files from employees at the service provider who might want to look at them?
- How secure are my files when they sit on the provider’s servers and when they are in transit to my device?
The answer to all three questions is the same: The major cloud storage services are highly secure. In general, your files are better protected with a top cloud storage provider than they are on your laptop or an external drive. Yet, people still have their doubts about storing files in the cloud. With this in mind, it’s worth taking a moment to review how cloud storage providers protect and lock down your personal and work files.
What is cloud storage?
First, some basics. Cloud storage is an umbrella term describing a service that stores files, photos and data in a remote data center and gives you access anytime and anywhere that you have an internet connection. You can think of it as a hard disk drive in the cloud, with nearly unlimited capacity and without the hardware.
Many people and businesses use cloud storage because of benefits like anywhere access and protection from loss due to disk drive failure or a lost device. Cloud storage also enables collaboration features like file sharing, real-time collaboration, and version history. And some services offer advanced security features like ransomware recovery, virus scanning and mass file deletion warnings.
However, despite all its benefits, there are still people who don’t fully trust cloud storage. An IBM/Harris online survey of 10,000 consumers found:
- Seventy-five percent of respondents won’t subscribe to a service if they don’t trust the company to protect their data
- Seventy-three percent indicate it is crucial that companies quickly take proper action to stop a data breach
- Seventy-three percent think that most businesses focus more on profits than on addressing consumer security needs
How cloud storage providers keep your files secure
Cloud storage providers understand how a single security breach can result in a massive lack of trust. Thus, the most reputable providers have created many systems and controls to keep your content safe, secure and private. These systems require significant investments, and they dramatically reduce the probability of data breaches while enabling quick detection and mitigation when a critical event occurs.
As you consider entrusting your file storage needs to a cloud storage provider, it’s essential to be aware of the most common cloud storage security best practices available.
We recommend you work with a provider that offers all of the following:
Robust access control systems
Employees at your cloud storage provider should not have standing access to your files. The best policy is known as “zero standing access,” which establishes that no engineer or employee can access a customer’s cloud storage files or account unless explicitly granted in response to a specific incident. Your provider should maintain strong internal access controls to ensure that your data is safe from unauthorized access by personnel.
Automated security monitoring systems
Go with a provider that maintains robust, automated, real-time security monitoring systems. Any illicit attempts to access customer data should raise immediate alerts when detected—the same goes for attempts to transfer data out of the cloud storage service.
Data protection in transit
When data moves from your device up onto the cloud drive, or between the cloud provider data centers, the data is encrypted as it travels. Known as “encryption in transit,” this protects the transmission using transport layer security (TLS) encryption. Choose a provider that only uses authenticated connections over HTTPS.
Data protection at rest
Your provider should also encrypt your files stored in its data centers, known as “encryption at rest.” Ideally, each file should be encrypted at rest with, at minimum, its own unique AES-256 encryption key.
The data center where your files are stored should have very tight on-premises security. For example, only a limited number of essential employees should have access to the data centers. Their identities should be verified with multiple factors of authentication, including smart cards and biometrics, before being allowed entry. Additionally, the data centers should have on-premises security officers, motion sensors, video surveillance and alarms.
The cloud provider has to defend its network against threats like Denial of Service (DoS) attacks, phishing, social engineering and penetration attempts. Firewalls, clear-cut employee training programs and limiting network traffic into the data center from unauthorized locations and suspicious IP addresses are all part of the solution.
The software code that powers your cloud experience may contain points of exposure. Thus, the engineers who build cloud storage software have to follow application security (AppSec) protocols and perform automated and manual analyses to keep vulnerabilities from entering into the code. Additional AppSec measures include arranging for “Bug Bounties,” which enable people across the world to earn money by reporting vulnerabilities in the cloud provider’s software code.
Your files and data should sit in two different data centers to ensure that if something happens at one data center, your files are safe and accessible at another data center. A “mirror site” creates a secure backup in a fault-tolerant data center located in a different geographic region. Your files and data should mirror in at least two places that are several hundred miles away from each other. This backup mitigates the impact of a natural disaster or loss event (e.g., a cyberattack) within one of the regions.
A cloud storage provider is obligated to keep its data centers healthy and secure. This level of service involves careful inventory management, which provides the basis for helpful monitoring and reliable operation of the computing equipment that stores your files in the cloud. Continuous deployment ensures that each machine and cloud drive receives the latest software updates and current anti-virus signatures.
Mass file deletion protection
If you inadvertently delete a large number of files, your cloud storage provider should have recovery methods in place. The process starts with sending you an alert, followed by the steps required to recover your files.
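The alerting step described above can be sketched as a sliding-window check over an account's activity log. This is an added example, not any provider's implementation: the log format, the threshold of five deletions and the two-minute window are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit-log lines: "<UTC timestamp> <account> <action> <path>".
SAMPLE_LOG = [
    "2024-05-01T09:00:00Z bob delete /photos/old1.jpg",
    "2024-05-01T09:30:00Z bob delete /photos/old2.jpg",
    "2024-05-01T10:00:00Z alice upload /docs/report.docx",
    "2024-05-01T10:00:05Z alice delete /docs/q1.xlsx",
    "2024-05-01T10:00:09Z alice delete /docs/q2.xlsx",
    "2024-05-01T10:00:14Z alice delete /docs/q3.xlsx",
    "2024-05-01T10:00:20Z bob delete /photos/old3.jpg",
    "2024-05-01T10:00:31Z alice delete /docs/q4.xlsx",
    "2024-05-01T10:00:40Z alice delete /docs/report.docx",
    "2024-05-01T10:05:00Z alice delete /docs/notes.txt",
    "malformed line without enough fields",
]

def parse_line(line):
    """Return (time, account, action, path), or None for a malformed line."""
    parts = line.split(" ", 3)
    if len(parts) != 4:
        return None
    try:
        when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return when, parts[1], parts[2], parts[3]

def detect_mass_deletion(lines, threshold=5, window=timedelta(minutes=2)):
    """Alert when one account deletes `threshold` files within `window`.
    Assumes the lines are already in time order."""
    recent = defaultdict(deque)  # account -> (time, path) of recent deletions
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None or event[2] != "delete":
            continue
        when, account, _, path = event
        burst = recent[account]
        burst.append((when, path))
        while when - burst[0][0] > window:  # drop deletions outside the window
            burst.popleft()
        if len(burst) >= threshold:
            alerts.append({"account": account, "first": burst[0][0],
                           "last": when, "paths": [p for _, p in burst]})
            burst.clear()  # one alert per burst; paths feed the recovery step
    return alerts
```

On the sample log this raises a single alert for alice's burst of five deletions, while bob's three deletions spread over an hour stay below the threshold.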
Suspicious activity monitoring
To keep your files and account secure, the cloud storage provider must set up systems that actively scrutinize and block any suspicious sign-in attempts. Such automated surveillance guards against unauthorized access to your account.
By choosing a cloud storage provider that implements all of these security measures and countermeasures, you can have peace of mind knowing that your files or your business’s data are protected from loss and unauthorized access. You can also play a part in your cloud storage account’s security by following these tips to protect your files in the cloud.