Cloudy With a Chance of Information Security
The Cloud! It sounds so… ethereal. We’re all going to have computers floating around in the air? What’s going on here, really? Today, let's look at data storage "in the cloud" and how we can use it more safely.
A sticker on my laptop says, “There is no Cloud. It’s just someone else’s computer.” At its most basic, that’s what we mean when we talk about “the Cloud” for any computing or data storage need. We can host the website on a server we buy and maintain, or we can pay someone to host it on their server. We can store our photos and music on disks we buy, connected to computers we own, or we can pay someone to store them for us. When we pay for the service in money or personal info or both, then we’re users of “the Cloud.”
If you keep music, video, pictures or documents in Google Drive, DropBox, SpiderOak, OneDrive or iCloud, you’re a cloud user. If you host a website on SquareSpace, Weebly, GoDaddy or any similar service, you’re also a cloud user. Of course, the fact that it’s someone else’s computer means that we don’t have as much control as we might like over how the data we store there gets handled. This is where the security considerations require more thought.
Every cloud service will tell you how secure they are. Every one will tell you about their use of encryption. Encryption matters, a lot. But what matters more is a careful consideration of the “What-Ifs.” It’s what we security guys call “threat modeling.” You have to imagine the ways in which your information could get compromised, and see whether the security measures in place actually protect against the threats you care about.
When DropBox tells me that they have strong encryption I have to think, what is encrypted, and how are the keys handled? When I poke a little further, I learn that they encrypt the data I send there “in transit” and “at rest.” “In transit” means, when I send the data from my computer to Dropbox’s, it travels over an encrypted connection. That’s good. But my “what-ifs” didn’t seriously include, “What if someone eavesdrops on my network connection while I upload the file?” What I did wonder was, “What if someone hacks access to Dropbox’s data center and can go wandering around on their servers, looking at stuff?” The fact that my data arrived there safely last week doesn’t help me now, does it?
Now I consider the fact that they also do “at rest” encryption. That means the data is encrypted while stored on their disks waiting to be retrieved. OK, that’s pretty good. But then one more thing bugs me: DropBox controls the keys needed to open those encrypted files and retrieve them in their original state. If those files are my tax returns, or sexy shots of my lover, I certainly don’t want anyone with access to the keys to be able to look at that! Yet, in this hacker-in-the-DropBox-servers scenario, that is exactly what becomes possible, because the same baddies who can get to my at-rest data can also probably get to those keys.
When I decided to use DropBox (or any of the similar services), I considered these kinds of things. The compromise I made in going ahead with their service was accepting that the data I stored there would indeed be vulnerable to this kind of threat. I also knew I had two ways to mitigate the risk, and I use a combination of both. The first and most important is that I am simply cautious about what I put in there. I put things there that I want to share, that I want available from my mobile devices, and that I wouldn’t mind too much if they were disclosed. No to tax returns, and no to cheesecake shots of my sweetie. Yes to pictures of my cats, social media memes or raw materials for blog posts.
Another mitigation is what I apply to the few things that do need protection but also need to be more widely available: I add my own encryption. If you think of encryption as a secure box to which you hold the key, then you’ll see why this helps. I encrypt my secret data -- I put it in a box and lock it. Then I send it to DropBox. DropBox gets a file from me, encrypts it with their key, and stores it. Now, it’s a box within a box. If someone hacks DropBox’s data center, they can open the box locked with DropBox’s key only. When they get to what’s inside, it’s still locked with my key. And I never send that to DropBox, so my secrets are safer.
Encryption is a lock. Who holds the key, that’s what really matters. The easiest way to add your own encryption to one or more files is to use one of the widely available utilities that create “Zip” or similar archives out of files or batches of them. All of these, in their latest versions, have the option to encrypt the resulting archive with a very strong and reliable system called AES - Advanced Encryption Standard. Just make sure you create a good strong password or phrase (as I wrote about here). And record that passphrase anywhere but in the cloud service where you store the resulting archive.