How secure is your data? Cloud data storage is becoming a massive industry in this country, and many businesses and other institutions are putting their data into the cloud. Some of this data is pretty harmless. Other stuff — like hospital records, banking information, or company payrolls — are prime targets for bad actors. Is the cloud storage trade-off worth it?
The short answer is yes, but only if your IT guy is encrypting your sensitive data.
Every cloud storage company you talk to will claim to take top-of-the-line security measures on behalf of your data. But that, in a nutshell, highlights the problem with cloud storage. Your data is entrusted to a third party for safekeeping. It’s possible that they’d do everything in their power to safeguard your information. But bad things, like ransomware, phishing, or just plain going out of business, do happen. And when they happen, it’s not the cloud storage company whose data is on the line; it’s yours.
Even if that doesn’t occur, let’s be honest. Most of the major cloud storage companies are based in the United States, the U.K., or France, where they could be subject to NSA snooping (or questionably legal surveillance from any other government entity). Despite the best efforts of many storage companies to prevent government intrusion, your data could still be at risk, even when it’s locked up tight.
This brings us back to encryption, which is the hands-down best way to protect your data, period. It’s just like locking sensitive data in a box, with a password needed to reopen it. Even if someone gets ahold of the box, if they don’t have the password, there’s nothing they can do with it. There are a lot of encryption tools out there and you’ll want to make sure that you have the right one for your specific needs. If you ever need a recommendation, don’t hesitate to reach out and ask! We’ll be happy to provide you with the specific recommendation (free or paid) that fits your needs.
In addition, most cloud storage companies protect your data with their own encryption, but this isn’t as secure as encrypting your own information. That’s because the cloud storage company has the encrypted data in its possession, but it also has the keys to that data. If someone can get in, they can probably get the information they want. And a disgruntled employee — or just a hapless one — can also provide hackers access to the system through good old-fashioned human engineering.
If the cloud storage company is compromised (and it happens quite often), will your data be secured or unsecured? Well, if you’re encrypting your own data before uploading it, then the bad actors will open up the safe to find … a bunch of locked boxes. Pretty frustrating, right? On the other hand, if you’ve trusted the cloud storage company to take care of everything, you’re going to have a bad day.
As you can tell, it makes sense to have your IT guy encrypt everything that gets put on the cloud before it gets there. But remember, just as your cloud storage provider is vulnerable, you can be vulnerable as well. It’s less likely that bad actors will target your company specifically, but if they want your data bad enough, they’ll go to great lengths to get it.
Many people have a misconception that these criminals will just use a magic program to crack your encrypted files. Decryption does exist, but it requires a lot of time and processing power. It’s far more likely that hackers will target your email or other aspects of your system and try to find out the encryption codes that way. And never forget that people are the weakest part of your IT security. Educate employees so they aren’t vulnerable to phishing scams, downloading questionable software, and visiting the wrong websites.
Present a “hard target” when it comes to your cloud storage, and seriously, encrypt your data before you put it online. If your IT guy isn’t doing that already, you need a new one.