Are You a Closet-Cloud-Confusee? Understanding The Cloud and What it Means for Your Security

Invariably, if you use the internet a lot, you probably hear the term “The cloud” pretty often. You know, it comes around in statements like “Oh, now we’ve moved over to the cloud” or “Use our cloud-based software!” You just smile and nod, as if you totally understand, you are down with this cloud thing. But really, you’re saying to yourself “Oh great, that cloud thing again. Now what the heck does that even mean?”

We figured that you might be a closet-cloud-confusee, so we’ll help you understand just what the cloud is and how it matters to your security.

Earth No, Computer Science
Once upon a time, the only clouds we ever talked about were cumulus, cirrus or had silver linings. Now we talk about different clouds, not made up of liquid droplets but instead the ones that hold the bits and bytes of your data.

You might be thinking “Hold them horses! How did my bytes and my data get on to this cloud thingy?” Well, that’s easy – you put it there.

Okay, let’s back up for just a moment and think about it this way – In simple terms, “The cloud” is really just a metaphor for the internet and “cloud computing” is when you access and store files over the internet, rather than on your personal local hard drive. Mega-tech giants like Google, Amazon, Microsoft and Rackspace essentially rent out space on their servers, allowing companies and individuals to store their stuff there. Some notable examples of businesses that use the cloud are Netflix, who uses the Amazon cloud (AWS) and Coca Cola and Best Buy, who rent out space on the Google cloud. It’s not only about using their servers but also having access to their world-class tools and services, which is an important plus for businesses.

Surprise! You’re in the cloud!
Now back to you – You likely have at least a portion of your personal information stored in the cloud, that is if you have a Gmail/Google Drive account. When you sign up for a Gmail account you not only get an email address, you also get 15 GB of data storage for free. Pretty sweet, ‘eh? Keep in mind that this space is shared across all your Google-associated accounts like your Gmail account, your docs and your Google Photos so even though it’s a sizable amount of space, you might end up maxing out eventually. (If you do max out, that’s okay – just start deleting the stuff you don’t need and voila, you’ve got yourself more free storage space – yay! Alternatively, you can just pay for more space on one of their plans.)

Other common cloud-based accounts you might use are DropBox, iCloud (that one was pretty self evident, now wasn’t it?) Amazon Drive and Microsoft OneDrive. At their core, they all function in pretty much the same manner, with a local folder on your desktop or inside the application that’s linked to a duplicate cloud version of the file back at the main server. And as long as you have your password and login info, you can log on to your account from any device, anywhere. This is an awesome perk of cloud computing – If it ever happens that your computer crashes or gets crashed, you can still access the files saved in your cloud accounts. (Side note, Although truthfully, when it comes to restoring files lost in crashes or other worst-case-scenarios, it’s much better to subscribe a cloud-based backup service like Crashplan, Acronis, Backblaze, or iDrive, as these services backup all your files and folders automatically, not just the ones directly connected to cloud services like Google and DropBox)

What about security?
But if you’ve been reading the RCS blog long enough, all this ease-of-access should set off some bells in your head. After all, if your information is being stored on somebody else’s server, what’s protecting the integrity of your data? And after all, iCloud was hacked back in the summer of 2014, spilling inappropriate pics of celebs that had been stored in their personal iCloud accounts on to the internet – So is it really all that smart of an idea to store data in the cloud?

The simple truth is that data storage in the cloud is pretty secure. (In fact the infamous iCloud hack wasn’t really a hack to the iCloud server itself, it happened because of a vulnerability in Apple’s password system, allowing hackers to guess the celebs passwords.) When Google, DropBox, Amazon or any other cloud-based provider stores your information, it is immediately encrypted with varying high levels of encryption, according to the provider. So while information on the Google cloud is encrypted in 128 bit AES and DropBox uses 256 bit AES, this isn’t akin to saying Google uses SPF 5 to block the sun’s harmful rays and DropBox uses SPF 65 to block those same rays, ergo DropBox must be 60 times more powerful. Using the sunblock analogy, it’s much closer to saying that Google uses SPF 65 and DropBox uses SPF 70 – Really, after SPF 40, they are all going to accomplish their job pretty well.

And the other simple truth is that the idea of keeping your information stored exclusively on your hard drive has one major knock against it – You. The mere fact that your external hard drive has to be managed by one single person, who may or may not have a high level of tech proficiency (okay, call it a high level of geekdom) means that it’s potentially open to more hacks than information stored in the cloud. Then there are all the physical mishaps that could, in theory, zap your hard drive as well – fires, burglary, the zombie resurgence, you get the idea. It’s also cumbersome and bulky to transport so you could just download the files you need onto a flash drive – But that in-and-of itself is a bit of a process which could get the less-technically inclined among us into trouble.

The fix is in – Enable multi factor authentication and use strong passwords

If you’re still not comfortable with the idea of keeping all your data behind a simple password (good thinking!), you should really consider enabling multi-factor authentication (also called 2-step authentication and 2FA by some companies). What this means on a practical level is that every time you log in to your cloud account you’ll have to enter not only your password but another factor as well . The axiom for understanding what is needed in the process is “ Something you have and something you know” The something you know part of the statement is easy – that’s your password, PIN or another piece of information that you have designated as how you identify yourself. The “something you have” part refers to something that only you have, like a biometric factor (such as a fingerprint) or a code sent to your phone in an SMS. Sure it’s more work, but it’s a heck of a lot harder for a would-be criminal to breach a cloud-based account that’s protected with multi-factor authentication. When used in conjunction with a strong and unique password, your cloud-based accounts should be a-okay.

So this cloud thing turns out to be a pretty convenient and nifty way to store and access your data. Making sure you take the right precautions will help make it a safe way to store your data, too.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s