Blog/Infosec 101/

Cloud storage security: How secure is your data in the cloud?

Nov 14, 2019

What is cloud storage?

Cloud storage is an internet-based solution for storing data. The term 'cloud' is a metaphor for the internet. Instead of saving data onto local hard drives or physical servers, users store it on virtual (internet-connected) servers, which can be accessed from any online device. Cloud-based servers are maintained by cloud computing providers.

How does cloud storage work?

Let's take online banking as an example. Your account is full of personal data: your transactions, balance, address, and so on. But what happens when you log out? Where is all this data stored? It doesn't exist on your computer – it exists in your banks cloud.

Whenever you upload a file for keeping, it's considered cloud storage. A major example of cloud computing you might know is Google Drive. As a cloud-based service, it stores all of its data online, giving users synchronized, real-time access to Google Docs, Google Hangouts, Gmail, and more.

Reasons to use the cloud

Cloud storage has revolutionized everyday life and transformed workplaces. In the last decade, cloud services have grown into a $125 billion industry. Everything from banking apps to government agencies stores user data in the cloud.

Since cloud data can be accessed remotely from any device (such as a mobile phone, laptop or tablet), working remotely is now easier than ever. With the versatility and infinite space of the World Wide Web, we can share files between co-workers in real-time, removing the need for costly in-house data centers and facilitating business on a global scale.

It's safe to say that the cloud has taken the world by storm. Many of us already keep our files, photos, usernames, and sometimes, even passwords in cloud storage. But how secure are they?

How secure is my data in the cloud?

When your data is stored in the cloud, it passes through a remote server. In most cases, your account will also be protected with two-factor authentication, so anyone wishing to gain access must not only know your password, but also a unique code sent to your mobile phone when logging in.

To decipher encrypted files, a hacker would need the encryption key. Without one, a hacker may try to Brute-force their way in – which requires a tremendous amount of processing power, forensic software, and decades of time.

That being said, keeping your data secure is not just your cloud provider’s responsibility — it’s your responsibility as well. In fact, the main culprits behind data breaches are weak, easy-to-hack passwords. During the well-publicized attack on Apple's iCloud in 2014, hackers were able to detect vulnerabilities in the company’s password security system, which allowed them to guess the passwords and security questions of users. The cloud itself was never breached.

Is it safe to store my password in the cloud?

Yes, but only if you protect your cloud storage with a strong master password. The cloud may be super resilient against attack, but it has many doors and guessing your password is the easiest one to open. To create an unhackable password, it needs to meet the following criteria:

  1. Length. It must be at least 12 characters long.
  2. Complexity. It must be a mixture of upper and lower case letters and include at least one special character.
  3. Randomness. Choose random words or nonsensical phrases not found in the dictionary (since brute-force attacks generate millions of user/password combinations a second until they hit the jackpot).

Avoid using anything from your life that can be easily discovered, like names of family members, birthdays, street addresses, and so on. You'd be surprised at the lengths cybercriminals will go to in order to unravel your life.

That being said, we also understand the fear of forgetting complex passwords and being locked out of your account. This is why you should be using a password manager to protect your data.

How do I protect my data in the cloud?

A good password manager is your best friend. No doubt some of you are already one, like those built into your iPhone or Android. The problem with most in-built solutions, like Chrome and Firefox auto-fill, is that they offer minimum protection against attacks.

For example, hackers can show you a fake version of the web page you're trying to auto-fill, sending your information directly them. On the other hand, if your iOs laptop were stolen, the thief would only need to guess your master password to access all of your data.

The best protection against data breaches is a strong, complex password paired with a stand-alone data security tool. That’s why we created our own. NordLocker secures your files in an encrypted iron-like vault, protected 24/7 with cutting-edge cryptography: Argon2, AES256, ECC (with XChaCha20, EdDSA, and Poly1305).

Unlike other cloud-based security options, encryption and decryption happens locally on your device, before it even reaches the cloud. Protecting your most sensitive files from being exposed even if you were to suffer a data breach.

Oliver Noble

Oliver Noble

Verified author

A nerd with a laser focus on all things cybersec. His own words. Oliver’s hobbies away from the computer include reading, Netflix, and testing the limits of yet another Raspberry Pi. To our surprise, this 130-pound ‘nerd’ also bakes a killer pumpkin pie.