OneDrive, iCloud, Google Drive and the rest: how to use the Cloud safely

4 August 2017

The evolution of storage devices has made huge leaps in the last 25 years. Conventional storage media such as CDs, DVDs and memory sticks are slowly disappearing - and the Cloud is increasingly taking their place. And yet, the new technical possibilities are associated with ever increasing levels of risk, and many consumers are afraid that their data could be stolen from the Cloud. Cloud users can protect themselves from data theft by using the following tips.

The massive cyberattack by the name of WannaCry with some hundreds of thousands of victims worldwide has not only shown just how vulnerable systems without up-to-date security really are but also demonstrated how important it is to back up data. After all, many of the users affected by the attack have lost for ever all the photos and documents stored on their computers. And what this means is that you should never rely on just one storage medium! At least one set of back-up copies of your files is an absolute must. The traditional external hard drive reliably protects critical data. But if you really want to play it safe, you should create several backups at once and store your photos etc. in the Cloud as well as on your external hard drive and directly on your computer. And never forget: The backups should be regularly updated so that all relevant data are protected.

Many Cloud providers allow their customers to share data with other users. Users should think twice about using this service. This is because some Cloud services generate URLs for the exchange of videos, photos or text documents which can in the worst-case scenario be found by hackers and made accessible to unauthorised third parties. Some IT experts go so far as to assume that these URLs can be found by search engines. What does this mean for users of Cloud computing? First of all, users should check the permission settings and clarify whether automatic presets mean that they are unintentionally storing data on the Web in a manner than renders them freely accessible. They can also define which users they wish to exchange files with. In addition, Cloud users should regularly maintain and check their own data. Here’s a practical example: If, for instance, documents are shared with other users for the purpose of collaboration, the data should be deleted from the Cloud at the end of the joint project or the access rights revoked.

The Patriot Act, the Federal law passed after the attacks of 11 September 2001, allows American intelligence agencies to gain access without a warrant to the servers of US firms. So if you want to be sure that your documents aren’t going to be read by the FBI, NASA or the CIA, you should definitely check where the server of the Cloud service on which your data are stored is actually located. Ireland is a popular location for many providers. And here’s something you should know: A few months ago, as THE IRISH TIMES reported, a Federal Court ruled that Microsoft is not obliged to disclose to the US authorities the data of a customer that are stored in Ireland.

Unbelievable, but true: The first version of the German-language terms and conditions of Google's Cloud service said that the company had the right to continue to use all the data stored on it. The passage in question has long since disappeared from the terms and conditions, but this illustrates how important it is to carefully check the small print.

What a nightmare scenario: In 2012, hackers got their hands on 68 million passwords for Dropbox accounts - and the access data were posted online four years later. This underscores the importance of well-organised password management, which must observe various basic rules:

1. A strong password includes uppercase and lowercase letters, digits and special characters.
2. A single password should never be used multiple times – every Cloud account should be protected with its own password.
3. The best thing to do is to regularly change the password.
4. It’s possible to store login information online - but doing so increases the risk that strangers will be able to log in. If you use such storage functions, you should always ensure for security reasons that third parties (e.g. work colleagues) never work with this account.

The Dropbox hack did more than merely bring home to people the importance of a good password, particularly a protected one. It also showed that sensitive data in the Cloud that should never fall into the hands of outsiders must be additionally encrypted, for example with a zip program or special encryption software, as recommended by the IT experts from “JAXenter.com”.

Many users try out various Cloud offers before opting for a single one or basically use two or more free Cloud services instead of buying more storage space from a provider. What can quickly happen is that that some of the accounts are no longer used, even though sensitive data are still stored on them. However, this increases the risk that users will lose track or hackers gain access to the accounts. What this means is that you should always delete unused Cloud profiles. And here, too, you will be doing yourself a favour by taking a look at the small print in advance. What does the provider do when the Cloud account is deleted? Are the data actually deleted? Users are accordingly well advised to check when they enter into a contract whether the data will promptly and reliably be deleted at the end of the contract.

In the food industry there are numerous seals that provide consumers with guidance in the thicket of offers, but what’s the story when it comes to a comparable service for users of the Cloud? Providers can now use the new Trusted Cloud Data Privacy (TCDP) profiles to demonstrate that they meet the compliance and regulatory requirements in respect of data protection. Thanks to the associated certificate, users can now see at a glance which provider companies are on the safe side in terms of data protection law.