Everyone who works, studies or likes Computer Science and overall Technology, knows that for sometime now the buzzword on the internet is the “Cloud” and the vision that everything we have in our hard drives will be taken to these big company servers, and we will reach that data through our regular notebook, tablet or smart-phone (example). Our machine won’t need many storage neither processing capabilities because most of the work’s done on the server-side.
Well, the way this system works sounds great but (there’s always a but), in recent months we have been witnessing some of the downsides of this approach, like the personal information of million of users stolen from the “Playstation Network” or Dropbox security bug caused by an update (19/06/11), which allowed all user accounts containing private data to be accessible to anyone without password. As a Dropbox user, this last one affected me but fortunately I’m not a big fan of storing my stuff in the Cloud(I only have some shared folders at the service), yet this makes me wonder if I can trust my stuff to someone else and how can I guarantee that my data remains private?
I’m not against the idea of the “Cloud”, it has many advantages and certainly those guys handling private data of thousands of people know about security than I do, but these recent failures and the possibility that this services could be attacked makes me want to do something to reinforce my stuff’s protection.
So what can we do?
I think to solution to this problem is to add client-side encryption to all the data we store online. This way I can guarantee that I’m the only one who has the password/key to get access to my stuff. So for those who already are Dropbox’s users the online blog LifeHacker proposed using TrueCrypt to accomplish this. You can also try Secretsync which is still in beta but it is a nice idea.
For those who lost all their confidence in these kind of services but still want their data synchronized through all computers (office, home, …) there are open source solutions that require a little more computer skills and/or a server, such as OwnCloud and Syncany.
Summing up, you have to be careful with the way you put your data in the cloud, to stay secure encrypt your files before the upload. This security bugs are bad for the user but they are even worst for companies because their reputation never will be the same, especially if they don’t warn the users.