How to control the keys to your cloud storage castle

YOU SHALL NOT PASS!

Cloud-based storage and synchronization services, like Dropbox and Apple's iCloud, offer convenience for those of us who are on the go and need (or want) access to our data no matter where we are, so long as we have an Internet connection or synced the data before going offline. But as useful as these types of services are, they introduce significant risks for any data you store there, whether purely personal or financial, legal, or otherwise professional.

Cloud storage typically relies on a very weak primary link: a single password that protects access to your account. That bit of text and numbers is the only thing that stands between criminals who use stolen information for identity theft, scams, and bank-account hijacking (among many other purposes), and your private details. If someone gets ahold of your password–be it through a security breach, a good guess, or keystroke-logging malware–your personal data is there for the taking.

It doesn't have to be that way. You can own the keys to your own castle, or, at the very least, have securely locked rooms that are impossible to penetrate even when marauders have sacked the rest of the establishment. Here's what you should know about how cloud storage services keep your data safe, and some ways to make sure that it doesn't fall into the wrong hands.

How most current systems protect your data

Nearly all current Internet-based storage, backup, and sync systems use encryption keys held by the service's operator. A key is a string of bits—typically at least 1,024—that is used in conjunction with an algorithm to render plain data indecipherable to all but the key holder. Without the key, there's no chance of turning the jumbled data back into something that makes sense.

The password that you set for a service that handles all its own encryption–whether that service is from Apple or Google or Dropbox or whomever–doesn't scramble your data. Rather, it either validates your identity (thus proving you have legitimate access to your data), or it unlocks the actual encryption key, which remains in the hands of the service operator, and is used solely on its servers. In any case, the password is stored safely (one hopes) by the company in a database. (This storage is cryptographically protected, typically by running the password through a one-way function known as a "hash," so that the stored value cannot be turned back into the password. Good systems also add "salt," random text mixed into the plain password before it's hashed, which helps prevent mass cracking by making each hashed password in the database unique from all others, even if the plain text is identical.)

If someone manages to guess, discover, crack, or reset your password (and obtain the reset link or replacement), your account will be compromised. Google's long experience with account hijacking lets you set some protections in Gmail to warn you or block certain kinds of account logins. Many services also temporarily lock your account after too many failed login attempts, but they make little effort to tell you when someone attempts to gain access to your account. Google also offers two-factor authentication, where one needs both a password and another form of authentication, such as an electronic card that generates a constantly changing second passcode or an app that performs the same function. Google’s method sends you an SMS text message with a code, and you must enable this security for all Google services associated with an account. None of the other major sync and software services offers this option.

Cloud services use various encryption keys to scramble data in transit, and to protect all the data stored on their servers. The data gets decrypted on your end by your device (unless other protections are in place), and is held briefly in memory or temporary files on the cloud servers as it transitions from transit to storage or vice-versa.

Regardless of what clever fashion the service uses to tuck its keys away, the company has to provide access to its server software to handle all the encryption and decryption as data moves around. Further, some individuals in the company have to have access to the keys, whether to update them or to deal with a government subpoena. Firms provide varying information about how they secure such keys, and they may routinely have third-party auditors come in and review their security procedures, as well as hear from independent researchers who may compliment or complain about the firms' encryption and privacy protections.

That is all well and good, but you can take additional steps to ensure that only you have access to data stored elsewhere. There are several strategies you can employ and choices you can make to be sure that you're the only one who can crack your files and information.

Pick a provider that uses unique keys

You have two main strategies for avoiding the use of a cloud service as your encryption proxy and keeping all the keys to yourself. The first option is to pick a sync, storage, or backup service that generates the encryption keys via software on your computer or mobile device. A few companies with at least a few years each under their belt offer such options. The second is to use your own encryption software to protect your files in backups and cloud storage, described just below.

SpiderOak employs several means to make sure it has no access to your password or encryption key by design, or even the names of files synced or backed up.

SpiderOak, which offers backup, sync, storage, and file sharing, derives an encryption key from the password you set. It uses your password to create a key that lives in the SpiderOak app on your phone or computer, which is then encrypted and stored at SpiderOak's servers. Without the password, the key can't be extracted. SpiderOak encrypts your data before sending it to SpiderOak's servers–instead of on the server itself–as an additional safeguard.
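The following added example (my own code, not SpiderOak's or any other provider's) shows the key arrangement described above: the password never leaves the device, it only unlocks a wrapped key, and the server stores ciphertext plus the wrapped key. It assumes PBKDF2-HMAC-SHA256 as the password-to-key step and, because the Python standard library has no AES, uses a stand-in stream cipher built from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag; a real client would use AES-GCM or another authenticated cipher. File contents and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from typing import Dict

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR data with HMAC-SHA256(key, nonce||counter)
    blocks. Used only because the standard library has no AES; same call
    encrypts and decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from one 32-byte key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output layout: 16-byte nonce || ciphertext || 32-byte tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key fails here, not with garbage."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered data")
    return keystream_xor(enc_key, nonce, ct)


def derive_kek(password: str, salt: bytes) -> bytes:
    """Password -> key-encryption key. Runs only on the user's device."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=32)


class Client:
    """The app on the phone or computer. Holds the password-derived key in memory."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.kek = derive_kek(password, self.salt)
        self.data_key = os.urandom(32)  # random content key; the password only wraps it

    def enrol(self) -> Dict[str, bytes]:
        """What gets uploaded: the salt and the wrapped key, never the password or raw key."""
        return {"salt": self.salt, "wrapped_key": seal(self.kek, self.data_key)}

    def encrypt_file(self, content: bytes) -> bytes:
        """Encrypt before upload; the server only ever sees this blob."""
        return seal(self.data_key, content)


def recover_data_key(password: str, server_record: Dict[str, bytes]) -> bytes:
    """A new device with the password can unwrap the key; the server, lacking
    the password, cannot."""
    kek = derive_kek(password, server_record["salt"])
    return open_sealed(kek, server_record["wrapped_key"])


def rewrap_for_new_password(old_password: str, new_password: str,
                            record: Dict[str, bytes]) -> Dict[str, bytes]:
    """A password change re-wraps the same data key; stored files stay as they are."""
    data_key = recover_data_key(old_password, record)
    salt = os.urandom(16)
    return {"salt": salt, "wrapped_key": seal(derive_kek(new_password, salt), data_key)}


if __name__ == "__main__":
    client = Client("correct horse")               # constructed sample password
    record = client.enrol()                        # stored server-side
    blob = client.encrypt_file(b"tax return 2012")  # stored server-side
    key = recover_data_key("correct horse", record)
    print(open_sealed(key, blob))
```

Two things fall out of this layout: a stolen server record yields only ciphertext and a wrapped key, so the attacker is back to guessing the password against the KDF; and the random data key, rather than the password, encrypts content, so changing the password means re-wrapping 32 bytes instead of re-encrypting every file.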

SpiderOak does allow you to access your data from its Web site or via its free iOS app using the password, which does expose some brief risk: It uses your password to extract the key in order to access stored data. The company also offers a way to share files among multiple parties through what it calls a ShareRoom. Folders assigned to that room aren't protected by your own key, but by SpiderOak encryption.

SpiderOak offers a free account level that includes all features and 2GB of storage. Paid accounts start at $10 per month or $100 per year for each 100GB unit (or fraction of the next 100GB).

CrashPlan focuses just on archiving and retrieving files, and encrypts data before sending it. Like SpiderOak, it can store the backup password on its servers, but it doesn't have to. CrashPlan has three security options: The first works like other cloud systems where the account password protects access to the encryption key stored in CrashPlan's systems, and you can reset it if you forget it. The second relies on a private password, which is never sent to CrashPlan. Only the encryption key secured by the password is sent. If the private password is forgotten, there is no way to ever recover backed-up data.

CrashPlan allows you to select from three security options, two of which rely on private information (a password or an encryption key) that is never stored on, nor available from, CrashPlan's servers.

The third option is for hard-core users, and it allows for setting the long encryption key itself, and securing it by your own means. The generated key can be different for every computer associated with an account, and it's never stored on CrashPlan's servers in any form. The downside: If you lose the key, your backed-up data is gone forever.

CrashPlan's free iOS app for remote status checking and restoring files to an iOS device works fine with all three password and key options.

CrashPlan has several plans for home users and businesses. Home plans start at $2.50 per month for up to 10GB from a single machine to $12 per month for unlimited data from up to six computers, with discounts for year and multi-year purchases. Business plans start at $17.50 per month for 50GB of storage split among three computers and $22.50 per month for unlimited storage for three computers. Discounts apply for higher numbers of computers and yearly prepayment.

Jungle Disk (part of Rackspace) generates a key from a password you set, and stores that key encrypted on its servers, but not the password. You can use Jungle Disk just to back up data, but the service also works like a network-mounted remote drive, encrypting and decrypting locally on the fly. Its free iOS app also allows remote browsing and retrieval.

Jungle Disk starts at $2 per month for personal accounts and $4 a month for business workgroups, with extra fees for storage at Rackspace or Amazon S3.

Use encryption software with any provider

The second alternative is to use software that encrypts data into bundles that work as virtual disks that you can store anywhere, including on sync and storage systems like Dropbox, Google Drive, Box.net, SugarSync, and many others. Three options stand out.

First, a word of warning: With two of the three, Disk Utility and Knox, you cannot have the virtual disks mounted or open in the software on multiple machines without causing sync errors (called "conflicts") or file corruption. Make sure you unmount drives before moving from one system to another. BoxCryptor says its software is resilient enough to cope with a virtual disk mounted on multiple synced systems, but we haven't tested this option thoroughly enough to confirm it.

To finish creating a secured disk image in Disk Utility, a password needs to be selected that, if lost, renders the disk's data irretrievable.

Disk Utility on OS X has a built-in option that lets you encrypt a disk image when you create it. It's a good idea to use the "sparse bundle" format as that disk image format only takes up the necessary space for files stored in it (the "sparse" part), and grows on the physical disk to accommodate new files up to the maximum size. The "bundle" element divides the virtual disk into small chunks to reduce the churn of updating pieces for backup. As the volume's contents change, only the necessary individual bundle pieces need to be synced.

Disk Utility lets you set a password that protects an encryption key. Lose the password, and the key is gone for good–the disk image's contents irretrievable. One thing to note is that sparse bundle images can't be opened and viewed in iOS.

BoxCryptor offers encrypted archives that you can mount as a drive; they work much like sparse-bundle disk images, but with the advantage of access via a free app for iOS and Android. A free version limits use to a single mounted volume. The $40 personal flavor can encrypt filenames and create unlimited volumes, while a $60 business version is licensed for commercial purposes.

Knox from Agile Bits relies on Apple's sparse bundle disk images, but provides a solid user interface to manage passwords, mounting, and even automating backups to the volumes. There's no iOS client. The software costs $35 for a single-user license, or $60 for a five-user family license.

The only downside of overlaying such encryption software on sync systems is that you can dramatically increase the amount of data that is uploaded with every change and downloaded to all synced machines.

It's your castle, darn it

Not everyone wants to hold the keys to their own data, and would prefer that a trusted provider take on that role, partly because the loss of a password or key means absolutely no way to restore data or access files that are locked away. But if you're interested in maintaining your own data's security, you can leverage a cloud provider or software to be the lord or lady of your own domain.
