How Secure Is Your Data When It’s Stored in the Cloud?
Cloud storage is a cloud computing model in which data is stored on remote servers accessed from the internet, or “cloud.” It is maintained, operated and managed by a cloud storage service provider on storage servers that are built on virtualization techniques. Cloud storage is also known as utility storage – a term subject to differentiation based on actual implementation and service delivery.
It works through data center virtualization, providing end users and applications with a virtual storage architecture that is scalable according to application requirements. In general, cloud storage operates through a web-based API that is remotely implemented through its interaction with the client application’s in-house cloud storage infrastructure for input/output (I/O) and read/write (R/W) operations.
As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive and the like. They’re no doubt concerned about keeping their information private—and millions more users might store data online if they were more certain of its security.
Data stored in the cloud is nearly always stored in an encrypted form that would need to be cracked before an intruder could read the information. Commercial cloud storage systems encode each user’s data with a specific encryption key. Without it, the files look like gibberish—rather than meaningful data. But who has the key? It can be stored either by the service itself, or by individual users. Most services keep the key themselves, letting their systems see and process user data, such as indexing data for future searches. These services also access the key when a user logs in with a password, unlocking the data so the person can use it. This is much more convenient than having users keep the keys themselves. But it is also less secure: Just like regular keys, if someone else has them, they might be stolen or misused without the data owner knowing. And some services might have flaws in their security practices that leave users’ data vulnerable.
A few less popular cloud services, including Mega and SpiderOak, require users to upload and download files through service-specific client applications that include encryption functions. That extra step lets users keep the encryption keys themselves. For that additional security, users forgo some functions, such as being able to search among their cloud-stored files.
These services aren’t perfect—there’s still a possibility that their own apps might be compromised or hacked, allowing an intruder to read your files either before they’re encrypted for uploading or after being downloaded and decrypted. An encrypted cloud service provider could even embed functions in its specific app that could leave data vulnerable. And, of course, if a user loses the password, the data is irretrievable.
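The user-held-key model described above, as an added example that is not part of the original article and is not any provider's own code: a Node.js program using the built-in crypto module, in which the file is encrypted on the user's device and the provider only ever stores an opaque blob. The function names, the blob layout (salt | IV | tag | ciphertext), the choice of scrypt and AES-256-GCM, and the in-memory providerStore are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Derive a 256-bit key from the user's password. The salt is not secret and travels with the blob.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Runs on the user's device. The return value is the only thing the provider receives.
function encryptForUpload(password, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every file
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]); // salt | iv | tag | ciphertext
}

// Runs on the user's device after download. Returns null when the password is
// wrong or the stored blob was altered: GCM authentication fails in both cases.
function decryptAfterDownload(password, blob) {
  if (blob.length < 44) return null;
  const key = deriveKey(password, blob.subarray(0, 16));
  try {
    const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(16, 28));
    decipher.setAuthTag(blob.subarray(28, 44));
    return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
  } catch {
    return null;
  }
}

// Hypothetical provider: it holds bytes it cannot read, so a server-side
// search over stored content finds nothing.
const providerStore = new Map();
function providerSearch(term) {
  return [...providerStore].filter(([, blob]) => blob.includes(term)).map(([name]) => name);
}

// Constructed sample data, not from the article.
const password = "correct horse battery staple";
const file = Buffer.from("Q3 payroll: constructed sample record");
providerStore.set("payroll.txt", encryptForUpload(password, file));
const downloaded = providerStore.get("payroll.txt");

console.log(providerSearch("payroll"));                            // provider-side search
console.log(decryptAfterDownload(password, downloaded).toString()); // owner with the password
console.log(decryptAfterDownload("forgotten", downloaded));         // lost password
```

The same code path explains both the benefit and the costs named in the text: the provider cannot search or recover the data, and neither can a user who no longer has the password.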