While not everybody may be familiar with exactly what “cloud storage” means, there’s a good chance you’ve heard of services like Dropbox, Google Drive, OneDrive, and iCloud. These are “cloud storage” services — quite simply companies that offer storage space “in the cloud” for you to save your data on their servers, either in addition to, or instead of, your own local hard drive. So what’s “the cloud?”
At a basic level, cloud storage is really just about using other companies’ servers to store your files. However, unlike using your own local storage, cloud storage presents a number of questions and issues that need to be addressed — as soon as your data is being stored outside of your own direct control, many will have reasonable concerns about issues such as security, accessibility, reliability, and more.
In this multi-part introduction, we’ll first discuss some of the things to look for in a cloud storage provider, and then run down a comparison of some of the options out there and how they stack up in each area.
We’ll begin by addressing the biggest elephant in the room. The number one objection against cloud storage is that of data security. Put simply, when your data resides on your local hard drives in your own home, you know who has access to it, and — barring the presence of malware or other security issues on your PC — chances are that the data never leaves your direct control.
Cloud storage, of course, opens up a whole new set of concerns, since your data is outside of your control — it’s living on servers owned and operated by big companies like Google, Apple, Microsoft, or others. This requires a higher degree of trust in the company that you’re dealing with — that these companies and their employees won’t look at your personal data or use it for their own purposes, that they will have the necessary security features in place to protect your data from unauthorized access by others, and that they can ensure that your data is safely and properly backed up.
The very first thing you should look at when dealing with a cloud storage provider is what its privacy policies are. Any reputable company will have detailed policies published on exactly how they will use your data and what they can do with it. Although at one time these were buried in legalese, most companies have now done a better job of distilling the important parts of their privacy policies into plain language with versions of their policies that can be understood by normal humans and not just those who happen to have law degrees.
Most of the big companies now even offer “Transparency Reports” that give you insight into how often they’re required to comply with requests for data by government agencies.
“Check The Locks”
If you’re going to keep your stuff in somebody else’s house, the next question you’ll want to answer is exactly how secure the front door is. In other words, how do you know that you will be the only person able to get at your data?
Once upon a time, everybody considered a password to be adequate security, but most of the world has moved on from simple passwords into more sophisticated authentication systems. Although almost all cloud service providers allow you to use just a password if that’s all you feel you need, numerous other options are available, usually in the form of “two-factor” or “two-step” verification systems that require that you supply your username, your password, and something else like a time-based or “one-time” code that changes with each login attempt. This code is usually sent to you via SMS or e-mail, or generated in an “authenticator” app.
If you’re very serious about security, some providers offer an even more stringent second factor in the form of a physical security key that you’ll need to either connect to a USB port on your computer, or authorize on a mobile device using NFC or Bluetooth (BLE), making it virtually impossible for anybody to access your data without possession of the actual physical key.
Don’t Forget The Back Door
It’s important not to get so caught up in fancy and cool front-end authentication methods that you miss the back door — in this case, the methods used for password resets and account recovery. Most cloud providers recognize that there’s a risk of you forgetting your password or losing your second-factor authentication method (e.g. your cell phone, authenticator app, or physical key), so they have to provide a way of resetting your password. It does little good if your front-end authentication requires a 50-character password and a PIN-based physical security key while the entire thing can be defeated by telling the provider you’ve forgotten your password or lost your key and then simply supplying the name of your cat to have them reset your password.
A good provider will require multiple levels of validation before letting you back into your account, but if you’re concerned about security, it also helps to answer “security questions” with something other than the truth — just because a question asks what your cat’s name is doesn’t mean that’s what you have to actually type in.
How Is The Data Stored?
What about the actual data on the company’s servers? Is it encrypted in such a way that somebody can’t just walk out the door with a hard drive and have access to all of your data? Fortunately, for most of the big providers these days, the answer is “yes” (up to a point), but it’s still something you’ll want to double-check in the company’s policies.
In general, there are actually two levels of encryption to be considered here. Most providers do encrypt the data you store with them to prevent accidental disclosure, but that doesn’t mean they can’t read that data themselves. Usually this form of encryption is done with a common set of “keys,” where everybody’s data is encrypted in the same way. It prevents somebody from just grabbing a chunk of data and accessing it, but it doesn’t really keep your data entirely private.
However, another crop of smaller providers has popped up providing “no knowledge” cloud storage. Without getting into too many technical details, these companies encrypt your data with a key that’s unique to you, that only you know. In essence, your password is the only way to decrypt your data, and as a result, nobody else can access your data. These providers offer the best privacy by far, since they have nothing to disclose even if they’re compelled to do so by court order — they can’t hand over what they don’t have. Of course, this requires that you actually trust the provider and their system design, though you can often find third-party experts who have validated many of the bigger providers making these claims.
Security isn’t the only thing to consider when choosing a cloud storage provider, but we think it’s the most important for anybody who is serious about using cloud storage. In our next part, we’ll look at some of the other factors that you should consider as well, such as reliability, usability, platform compatibility, and pricing.