There was a time when the word “Offsite backups” sent confusing shakes down the spine not quite knowing, how, what and where things were going, stored and secured.
If we look at the big players in online storage it seems that they’ve certainly got a better setup and understanding than all of us put together so let’s have a look at what’s on offer.
Dropbox, iCloud, Google Drive and OneDrive are the names most people will have come across so let’s have a quick look at how secure these services claim to be.
Dropbox
Dropbox is one of the big players who’ve had security scares and come out alive.
Back in 2012 they admitted that a password had leaked giving access to a employee account and this continued a document containing some emails which were spammed.
Stored data was never at risk, but it gave a clear indication of how a reputation could be dented in the cloud industry. Since then Dropbox have upped their game on the login front with optional two-step login and apps to add more security.
The data you keep at Dropbox cannot be viewed by the employees, but metadata can be accessed in case they need to provide you with support. That said they also make it clear that there is a team at the company who can access the files if required for legal reasons.
Any time you upload or download a file, the transit is encrypted using SSL and this is also the case when the files are actually in storage or at rest. They’ve also made it easy for you to unlink a pc or device in case it is stolen, by logging into your account.
The Pro version of their service also allows you to enable permissions so you can setup collaborative use and set passwords and expirations for shared links etc.
iCloud
Apple has a pretty good reputation regarding security, but they did have a minor hickup when some celebrities had images pinched from their accounts. That said it was traced back to those celebs having their Apple accounts compromised through phishing attacks elsewhere.
Apple says that their way of working sees data in transit and at rest using SSL. But saying that, they don’t claim 256 bit encryption, rather 128bit which is a lot less secure.
Google Drive
The first time i logged in to Google Dive i was quite spooked by the interface. Lots of bits there along with random image from my phone etc.
Last year it was claimed that nearly 5 million Gmail accounts were hacked when a database was loaded onto a Russian security forum for all to see.
Something for me to consider is that Google has decided that your account login for Gmail will be the same one used to access the Drive and so on. This is something to consider when setting passwords and making regular changes.
Google now uses https on all of its services and also uses complex system to analyse unusual login and activity. they’ve also implemented a 2 step-verification
That said the data is encrypted in transit using SSL, but only stored at rest using 128 bit AES like the iCloud.
OneDrive
The big one here is encryption. At rest you only have encryption for business users. For me that is just pointless as we’re all paying customers in one way or another with Microsoft.
Anwyay, is OneDrive secure? To date no major breaches have been publicised. That isn’t to say things haven’t gone on, but it hasn’t made it to headlines.
Something a bit more unique is Microsofts choice to scan your data and if they find it objectionable, they will delete it from their servers.
There is the optional 2 Step-verification available to protect your login along with a per file encryption key if you’re a business user so if some did manage to gain unathorised entry, then you have a chance of only having 1 file breached.
Summary
As with all things security, it’s not as simple as good and bad or right and wrong.
It clearly seems that having a 100% guaranteed life with anything IT related is almost impossible with technology moving so fast and hackers becoming more and more advanced.
I would say that with most providers encrypting the data in transit, that is a pretty safe bet for most small companies or individuals.
If this sort of information is so critical to life and limb then maybe online storage is now for you. Keeping things offline and under lock and key in a vault may be a better option.
