Can You Trust the Cloud with Your Personal Data?
Do you use Facebook, Mint, Pandora, Shutterfly or an email service like Gmail, Yahoo or Hotmail? Then you're already storing information in the Cloud. The Cloud simply refers to a virtual place on the Internet where various kinds of data can be accessed by a computer, tablet or smartphone application.
I confess, I love the Cloud. Google Play Music keeps track of what music I download to my Android phone and saves a copy of all my tracks and playlists online so if I want to listen to my music from a computer or other device, I can. Instant Upload for Android sends any photo or video I take up with my phone to a private album in my Google+ account, which makes sharing them easy. And any change I make to my Google calendar on my desktop gets instantly synced to my phone.
Apple’s iCloud works the same way. All the photos, music, documents and more that you have saved on the Cloud get pushed out to your devices so you can access them whenever and wherever you want.
For file backup, sharing and sync, I have used SugarSync, although Dropbox or KeepVault (among others) work just as well. Not only does it make my files available across all my devices, it has proven to be invaluable. Once my laptop died. After replacing it I was able to retrieve all my files from the Cloud and save them onto the new computer in just a few minutes. And when I need to access a document when I’m not at the office, I don’t have to save a copy on a USB stick or e-mail it to myself. I can use any Internet connected device to get at all my documents.
Even though most people who are active online are already using the Cloud to some degree, there are those who don’t trust it. This is particularly true when it comes to backing up files online as opposed to using a secondary physical location such as an external hard drive.
Such distrust isn’t unreasonable considering that even big names like Microsoft and Amazon have experienced outages with their Cloud services. And modern day hackers seem to be able to mess with anybody they choose, even security vendors like Symantec.
So is there a chance files you backup to the Cloud could get lost or hacked? Yes, although Cloud storage service providers go to great lengths to stop it from happening. In fact, I quizzed Robb Henshaw, SugarSync's Director of Corporate Communications, about the company's security protocols and they're quite extensive (see Q&A below).
So should you use a Cloud service? It's not an easy answer. If you have sensitive information that could harm you or your business should it fall into the wrong hands or become unavailable for a period of time, you'll have to weigh the benefits of the anytime, anywhere access of the Cloud against the very small risk of loss. In the end, you may decide these select files may be better suited for a physical data locker that only you can open with a PIN, such as the 500 GB Apricorn Aegis Padlock 256-bit Encrypted Hard Drive ($174.99 on Amazon.com). But keep in mind that physical storage units can also be stolen or lost in a fire, perhaps at the same time as the computer they're backing up—which would be a disaster. For backing up photos, music and innocuous files that no one but you cares about—the Cloud is definitely the way to go.
Q&A With Robb Henshaw of SugarSync
CD: Is the Cloud safe from hackers?
RH: Certain Cloud services, like SugarSync, do offer top security measures to ensure your data is safe from anyone else but you. SugarSync, for example, offers users the same level of encryption, data protection and security as consumers receive when doing a transaction with their banks online. Users’ files are transferred securely using TLS (Transport Layer Security) and are stored in the cloud in an encrypted format using 128-bit AES. We also operate our own SAS-70 compliant datacenters. SugarSync also ensures that all files accessed via mobile devices are encrypted as well, using SSL encryption. In addition, SugarSync undergoes regular third-party security audits to ensure there are no vulnerabilities in our system, and we are also regularly vetted by the partners we sign to ensure our security meets their standards.
CD: Can law enforcement or other entities get their hands on data a person has stored in the Cloud?
RH: Yes, law enforcement can request that Cloud service providers turn over a user's data in connection with a criminal investigation—but they would need a subpoena to do so.
CD: Do most consumer Cloud storage services encrypt user files?
RH: Yes, most services do…SugarSync certainly does.
CD: What if a user encrypts a file before uploading? Does that cause a problem for SugarSync or in terms of accessing the files later?
RH: Some users do choose to use third-party encryption services (like TrueCrypt, etc.) to add an additional layer of encryption. When they do so, SugarSync cannot give anyone access to that content (even if served with a subpoena), but this also means that SugarSync will not be able to auto-sync changes made to the content because we will not be able to see the changes. But all other features would still work.
CD: Do you suggest that people also use some kind of secondary backup, like an external hard drive for extremely sensitive or valuable documents? Or is the Cloud so secure that nothing will ever happen to people's files?
RH: The Cloud is absolutely secure, so there is no need to backup to external hard drives. In fact, external hard drives fail every 3-5 years, so there is a greater chance of losing data on external hard drives than on the Cloud.
(Note: Code 42 Software, which developed a cloud storage platform called CrashPlan, recently told me it takes a different approach and suggests that users do back up their files somewhere else, just to be safe.)
CD: How can a person know employees of the Cloud service aren't reading or doing things with people's files?
RH: We promise as part of our terms & conditions that SugarSync employees will not access your account unless authorized to do so by the user expressly (i.e., for customer support reasons, if a user forgets their password, etc.).
CD: How can a person be sure that if a tornado rips through the building where the servers are kept they won't lose all their data?
RH: In SugarSync's case, we have multiple data centers, and everyone's data is stored in multiple locations. And all our data centers are also backed up to Amazon's servers. So three datacenters (at least) in very different locations would all have to be destroyed at the same time for any user data to be lost. That likelihood is nearly impossible.