11-28-2011 05:18 PM
There's a lot of good information coming from the experts here.
It seems to me that more and more people are using the cloud to store their data. It frees up space on their hard drives.
Just how safe is it?
What security is available to insure that my data is safe and is not being subverted?
Are there any restrictions as to what data is allowed to be saved to the cloud?
Does the company that hosts the cloud have access to my data?
It seems to me that a company or an individual could store questionable data to the cloud if there weren't any restrictions on content.
Are there any recommendations as to what clouds are good to use? Which ones are safe?
What happens to your cloud if the company that hosts it goes out of business or gets sold or merged to another company? I think I already know the answer to this one. I'll bet a lightning bolt gets shot into my cloud and my stuff disappears.
I've been tempted to use cloud computing, but I'm just a little leery of the implications.
I use a few hosting sites to store some pictures, but nothing major.
Solved! Go to Solution.
11-28-2011 08:09 PM
How safe your data is or what happens to it if the company fails aren't functions of "the cloud', but rather functions of the companies with which you choose to do business. If you're looking at a cloud-based provider, some questions you will want answered include:
1. What type of encryption is used to store the data?
2. Who, besides yourself, will be able to decrypt and/or access that data?
3. What contingency plan does the company have in place in the event of failure (natural or financial)?
The biggest advantage to out-sourcing your data storage is so that you can access that data from multple devices / locations. This also means that the biggest disadvantage is that the data you've stored can be accessed from multiple devices / locations. If your login credentials are stolen, attackers could gain access to the data you've shared.
Some folks will encrypt files before they are uploaded with a second layer of encryption applied at the host. If you're storing sensitive data, encrypting data twice is a good idea. If you're storing non-sensitive data, then the encryption supplied by the cloud supplier is probably fine.
Note that whatever you store there will be subject to subpoena / search / seizure if it's suspected you are engaged in illegal activities.
11-28-2011 08:44 PM
Good points, and good questions to ask a provider. Thanks for that.
I've been toying with the idea for awhile now, I think I'll try it.
11-29-2011 02:52 PM
All very good questions, and very important to me personally, as I have been a longtime user of cloud backup and data services.
To start, keep in mind that hosting a cloud data service is costly, so whenever you are using a free service, ask yourself how they make money. Cost comes in a variety of forms; there is infrastructure cost such as network bandwidth, space, power, cooling, hard drives, servers, and operational costs such as IT staff maintaining the datacenters, and legal staff dealing with DMCA takedown notices and government data access requests.
Some free services are provided as an ancillary feature of a larger product that has an alternate revenue stream, e.g. search providers indirectly make money by having you use a variety of their services, some generating revenue, and some not.
Some free services also offer paid options, e.g. a little storage is free and a lot of storage costs money, and the revenue from the upgraded storage option covers the expenses associated with the free storage.
In relation to cost, one of my favorite topics is unlimited storage, there really is no such thing. I have been a victim of several unlimited storage providers that went out of business, with my data gone in the process, or vendors switching to pay-for-space models that made it unfeasibly expensive, or started enforcing network speed restrictions that made the service unusable.
There are still a few services that offer unlimited storage, if you use them, like I do, be sure you understand the terms of service, and have a backup plan.
Cloud data services come in at least two flavors, sync or backup type services, and data upload type services. The distinction is in how storage is allocated in relation to what you have locally.
A sync or backup service will make a cloud copy of data you have on your devices, this means that the maximum storage required by the backend is equal to the maximum storage you have on all your combined devices. So even for unlimited storage services, it is really limited to the amount of storage you have in all your devices.
A data upload or archive service takes a copy of your data, and you no longer have to keep your copy of the data, while they make it available for access from the cloud. These types of services almost always restrict storage space in tiered pricing models.
There is a variant of the data upload type service, especially the free versions, which restrict files to specific types such as music or pictures, thereby requiring the user to access the hosting website in order to access the data, thereby allowing the website to generate revenue by means of e.g. ads.
Now let’s talk about some of the more technical, security, and legal aspects.
Hard drives and bandwidth cost money, so cloud vendors want compression and data de-duplication. Users want security and privacy, so they want files encrypted in a way that only they can read the contents. Governments mandate data content, storage and transmission regulations, so they want content access and storage policies. None of these really play together without some level of compromise.
Most cloud storage vendors compress and encrypt files, but as data de-duplication on per-user encrypted files is difficult (see convergent encryption), most vendors either encrypt per user using a key known to the user only and de-dupe for that users files only, or encrypt all files using a key known to the service and de-dupe across all users files.
When you pick a vendor, be sure you understand if and how they encrypt the files, and if they can read the file contents without your knowledge. If they can decrypt the files, it is possible that an intrusion, or a rogue employee, or a government can read your file contents.
If you are really concerned about the privacy of file contents, either do not use a cloud storage provider, or encrypt your files yourself before they are stored in the cloud.
11-29-2011 03:14 PM
All good points, thanks for the insight.
There's a lot of things to be considered before using a service. I believe in redundant backups and storage and I've been looking at online storage for awhile now. You've all raised a lot of good points to be considered before choosing a provider.
11-29-2011 08:24 PM
11-29-2011 08:49 PM
Ain't that the truth.
11-30-2011 02:57 AM
It seems these days, "Cloud Computing" is all the rage as a concept introduced not that long ago. If you, as a home user, are entertaining the thought of climbing aboard, you must remember, cloud computing is a "service" oriented concept, not a "product". It isn't something that you can purchase which may give you some rights to certain ownership privileges.
Your personally owned computer is your responsibility. Likewise, security of your personal information is going to rely on your own "administrative" prowess.
Good security practice dictates that you keep your personal information...personal. It's no more complicated than that.
Cloud computing, for the home user, is really not intended for anything other than storage. The cost and concept of this service may just as well be considered to be something equal to a locked rental storage facility. The difference is, your "stuff" is available to you only if you have a key to get in.
The "key", relative to the cloud computing concept, is your internet connection.
There are some malicious computer virus infections that one can encounter which removes the internet connectivity. If you lose your Internet connection, you've lost your key to the cloud that stores your data. In other words, you're locked out. I've seen no mention of this and wanted to make the point for those who just haven't given it a thought.
For the home user, cloud computing use as a storage device should be weighed against the "purchase" of an external storage device. The differences are obvious. One you own. The other, you rent.
11-30-2011 06:41 AM
I did know that losing the internet loses my connection to my data.
To me, the cloud would just be a redundant way of keeping data. I don't have my external drives with me when I'm out and about. So, cloud storage would be a handy way of accessing my stuff. I'm not going to do away with personal storage.
Doing a Google search on cloud computing brings up a lot of providers but doesn't really address the issues that I'm wondering about.
One issue that really hasn't been touched is if another user is infected by malware and they access their data while they're infected, will their cloud be infected also? It sounds to me like it will, and if so, can that infection migrate to other users clouds, or are there safeguards built into the cloud to keep that from happening.
It sounds like security is up to me regarding cloud storage, and it also sounds like current scanners aren't really geared for scanning the cloud like they are for scanning, let's say, an external hard drive.
11-30-2011 11:16 AM
An excellent question, topmahof, and I see you have received some great replies from mlande, PieterV and 1972vet. To address one of your other questions, you can actually store any kind of information you want in the cloud, just as you would store it on a local disk drive. Technically, there may be government regulations restricting what sort of data could be stored, but that tends to be a little unclear when we are talking which jurisdiction takes precedence. Is it the region(s) you originally uploaded the data from? Your current region? The region the cloud providers' headquarters are located in? Or perhaps the various regions in which they host data centers that contain your data.
The best answer may be to assume all of them apply equally and do not upload any content which could be illegal in any region, but that may be something many home users are ill-prepared to manage, given that concepts like public domain, fair-use, and the right to make backups of licensed content vary wildly around the globe.
A cloud hosting provider can access everything you have uploaded to some extent. The cloud hosting provider may be contractually obligated not to look at your data, or may perform encryption or have other technical means of not being able to access your data, but even then, they would still have to do things like respond to legal requests, and the encryption being used may be reversible, and so forth. The provider may also have terms buried deep in its contract to allow service monitoring or other types of integrity management activities which allow them to examine your data, or the metadata associated with it, such as filenames, file types, access dates and locations and so forth.
Because of issues such as these, and others brought up in this thread, I find it impractical to recommend a cloud-based backup strategy for consumers as a primary means of backup. This doesn't mean that you shouldn't use it as a secondary or tertiary backup system, but that (1) you should always operate under the assumption that anything you upload there may be looked at by someone else if you do not properly encrypt it beforehand; and (2) you should operate under the expectation that everything you uploaded may "just disappear forever" one day. If you can plan around those types of events then you will probably be okay, but most consumers do not have the type of mindset that allows them to manage the tradeoffs between the risks of using cloud storage versus the convenience.