Cloud security

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
Caduceus
Posts: 3527
Joined: Mon Sep 17, 2012 1:47 am

Cloud security

Post by Caduceus »

What kind of documents (personal or professional) would you feel comfortable storing in a cloud? I'd be especially interested in hearing from professionals in this field. Do you recommend against storing things like financial documents (tax forms, bank statements, etc.) in a cloud?

It seems to be getting increasingly common these days, but I cannot bring myself to do it, even though I like how efficient (from an organizational perspective) it is.
ourbrooks
Posts: 1575
Joined: Fri Nov 13, 2009 3:56 pm

Re: Cloud security

Post by ourbrooks »

Secure relative to what threat? If your house caught fire today and you couldn't get your computer out, would you be better off having stuff on your local computer or in someone's server farm? If you do store backups off site, how secure are the storage locations both against acts by people and acts by nature? How often do you refresh those backups?

On the other hand, if you do use cloud storage, you almost certainly want to encrypt your information before you upload it. That raises the issue of the security of the encryption keys. As some bitcoin owners have found the hard way, it's possible to gain access to a person computer and steal the encryption keys.
User avatar
stratton
Posts: 11085
Joined: Sun Mar 04, 2007 4:05 pm
Location: Puget Sound

Re: Cloud security

Post by stratton »

If you're storing sensitive documents in the cloud apply your *own* encryption to them. Not the one provided by the cloud operator.

Whomever has the keys controls access.

Paul
...and then Buffy staked Edward. The end.
THY4373
Posts: 2771
Joined: Thu Mar 22, 2012 3:17 pm

Re: Cloud security

Post by THY4373 »

I won't store anything sensitive in the cloud (unless as others mentioned I encrypted it myself first). In addition to, or perhaps an extension of security, it is clear from several lawyers I have spoken to in my day job (IT security) that there are less legal protections for your data in the cloud than there are on your premises. Even though I don't consider my personal email (about the only cloud service I use) terribly sensitive I only keep a few months of it in the cloud and the rest is backed up and stored locally and deleted from the cloud. One day I'll get off my lazy backside and roll my own email server.

All my documents, photos, and emails are backed up to a second small server I maintain at a family members house in a different state. The data there resides in a Truecrypt container that is only unencrypted while I am syncing my files to it (a couple of hours once every couple of weeks). I have thought about uploading encrypted archives to binary newsgroups (many servers maintain 900+ days of retention) as a free cloud backup with essentially unlimited space but the the encrypted archive would be available to anybody and I don't have that much confidence in encryption :-).
Last edited by THY4373 on Thu Feb 20, 2014 7:57 pm, edited 2 times in total.
THY4373
Posts: 2771
Joined: Thu Mar 22, 2012 3:17 pm

Re: Cloud security

Post by THY4373 »

stratton wrote:
Whomever has the keys controls access.
Or has had a hand in weakening the algorithm and knows how to exploit it ;-)
MathWizard
Posts: 6560
Joined: Tue Jul 26, 2011 1:35 pm

Re: Cloud security

Post by MathWizard »

Given the number of security violations, I would not put sensitive documents in the cloud.
Why should you?

I put electronic data on a USB drive for backup, and store it in my office, vice-versa for office data. I put really important
documents (deeds, loan papers, wills) go in a safety deposit box.

Even RSA security got broken into, compromizing security for people who had paid a lot for the added
protection. That's like the police station being held up.

I would use, but not depend on encryption. Once someone has the encrypted data in hand, they have forever to
decode it.
Post Reply