The cloud offers undoubted benefits, but how to choose between different providers? We must take into account the security aspects offered by each of them before deciding.
Now we all have information stored on our devices: laptops, smartphones, tablets … and other large parts of our documents stored in the cloud: OneDrive, Dropbox and Google Drive for any type of file, Google Docs for all your documents, Calendar for the agenda, Picassa for your photos …
The security of all the information found on our devices depends directly on us, however, the information we have in the cloud is hosted on the servers that compose it, and we share the responsibility for it to be secure with those responsible for that cloud.
That the security of our information in the cloud depends on a third party, has its advantages and disadvantages. The main advantage is that they can provide hourly dedicated server and also allocate more resources to security than we could provide and therefore have a higher level of security. In return, in some cases, we transfer part of the control of our data and these, in turn, are exposed to threats other than those that could affect our information when it was only stored on our devices.
This is why we must know how to choose well which provider we trust our data and what we should look at before deciding. A high-quality internet provider is also important, which you can find here: nexttelecom.com.au.
What are the main threats that can affect cloud storage services?
- Hacking attacks:
The services offered in the cloud are accessible through the Internet and therefore are exposed to malicious attacks that seek to obtain our credentials and information, stop the service or manipulate it in some way.
- Legal requirements:
The servers in which our data are located can be found in different geographical locations, for example, I may be uploading my data from the USA and that the servers are in countries outside. However, their services are provided globally. Therefore, there is various applicable legislation that must be complied with in this provision of services. Otherwise, they may be affected by fines or even the closure of the service.
- Problems related to the operation of systems:
Like all computer services, the operation may be affected by technical problems and as a consequence leave us without access to our information in the cloud.
What can we do to make these problems affect us as little as possible?
Value certain aspects when choosing our cloud. To opt for one or the other, we must not only look at the number of gigabytes each cloud offers us, but it is also advisable to evaluate the guarantees related to the security offered to us.
What security guarantees should we check before opting for one or another cloud?
- Information encryption:
The most important thing that our cloud must guarantee us is the confidentiality of our information, so we must verify two very important aspects:
-
- The first is the use of digital certificates on the web, which provides confidentiality in the transit of information regarding third parties. To verify this, we must only verify in our browser that the address from which we access the cloud services begins with https.
- The second aspect to consider is that our information is stored using encryption mechanisms. This feature is usually announced on the service homepage. If our information is encrypted even if a malicious third party accesses it, you cannot read it without the key used for encryption.
Additionally, some cloud services guarantee a higher level of confidentiality, through the use of encryption mechanisms that prevent them even from accessing our information in a “readable” format. This feature is limited to very specific clouds.
- Robust authentication systems:
To access the cloud services, all require a username and password, however, some also offer the possibility of using two-step authentication systems.
This system improves the security of our account since even if our username and password ended up in the hands of a third party with bad intentions, it would need one more information, which it would not have, to access our data. For example, a message received on our mobile.
- Legal compliance:
The different services in the cloud must comply with the legislation that applies to them where their information systems and their business name are located. In other words, they must not necessarily comply with the legislation of our country.
- Support and complaint mechanisms:
Finally, another important point to consider is the mechanisms that the cloud service makes available to us to contact them in case of any incident or in case we want to exercise our rights on the information that we have deposited in the cloud. It is important to take this aspect into account, to facilitate communication if necessary.
