This is a guest post by Jeremy Haze. If you are interested to guest post in this blog, just head over to the Guest Post Guidelines.
As the cloud computing is getting more and more popular as a highly practical solution to multi-platform file sharing, so do the issues related to it. It is almost impossible to find an article or a research paper on cloud computing that does not put a strong emphasis on the security problems related to it.
After Dropbox had a serious bug a year ago when the accounts could be accessed without password, users started questioning the security of documents stored there. Despite the claims of Dropbox people that no one can access users’ documents, the question is still burning. It was not only Dropbox bug, however, that raised security questions. It was also the launch of Google Drive earlier this year that had a suspicious legalese in its terms of services. This was the sentence that particularly captured the eye of anyone reading the ToS:
“When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content”
Most of the other services have similarly ambiguous paragraphs in their ToS. However suspicious this might seem it’s a fact – a user doesn’t know whether the content he or she uploads to the cloud would be actuallyprivate or not.
The outages in Amazon Web Services further worsen the conditions for users to adopt the cloud. The last one that lasted for several hours caused much traffic loss for websites and raised many reliability questions. The number of cloud storage providers constantly grows and most of them are constantly improving their products’ features. Now photo and video upload is a no-brainer, the documents are automatically updated and available from anywhere. File sharing and collaboration are easy and efficient.
Most big names in cloud computing use a 256-bit encryption on server side to protect the documents. This means that when you enter a password it would be automatically translated into a combination of 256 characters, so it is impossible (or almost impossible) to try out all the potential combinations of these characters in order to break the password. The problem however is that the password is saved on the server along with the documents and if someone has an access to the server, he or she theoretically has an access to the documents too.It is not very likely that something will actually happen to your cloud data but with the server side encryption such a possibility always exists, at least hypothetically.
To solve this problem, users may encrypt the data by themselves – using a tool like truecrypt for example – or choose some of the cloud storage providers that store the passwords on user’s devices. The so-called client-side encryption refers to saving the password on the user’s computer. This means that it is not only impossible for someone else to access the documents, but it is impossible for a user to reactivate their account if the password is forgotten. So, if you choose this solution make sure you’ll never forget your password.
All the fuss about security shows a darker side of the cloud. The truth is that the risks may sometimes appear huge, but the current speed of development of cloud services may promise a solution to security problems in the near future.
About the Author: Jeremy Haze is a blogger, internet junkie, technivore, and IT security consultant for DejanSEO from Brisbane, Australia, currently collaborating on Encrypted File Storage blog project.