Most owners of computers and mobile devices have been using cloud storage for more than a year. It can be Google Drive, Microsoft OneDrive, Dropbox. These are just a few of the many popular cloud storage services. Among them there are many different and inexpensive options. Once you’ve made your choice, you’ll be able to access your files from anywhere and save them in case something happens to your computer or mobile device. Then you can download these files from the cloud.
Someone chooses cloud storage by how much disk space is offered there for free. For some, compatibility with their installed programs and services is important. For some, privacy is most important and such people are looking for the most reliable services.
Why use cloud storage?
Many popular cloud storages are quite convenient, but they have a critical drawback for those who value their privacy. This is the likelihood that outsiders will be able to access your files.
This statement may seem strange. All services use reliable data encryption algorithms. The data is also encrypted during transmission. What could be the danger?
Encryption of data protects them from outsiders. If a hacker intercepts your traffic, he will not be able to decrypt the data. Unlike the cloud storage service itself.
Most of these services encrypt user data themselves. This means that they have encryption keys and can both encrypt data and decrypt it. Users can only hope that the services will not look into their files. You will also have to trust the services to store the encryption keys so that they are not stolen by attackers. It is also to be hoped that your data will not be decrypted and handed over to the authorities if such a request follows.
The only way to save your data in cloud storage is to choose the right service.
By what parameters can cloud storages be considered safe?
The secret of the reliability of cloud storage lies in encryption. First of all, who controls the keys for encrypting and decrypting data.
In the examples in this article, the cloud storage provider is responsible for encrypting and decrypting your data. Therefore, it is he who stores the encryption keys.
Cloud storage services use different methods of protection. Data can be stored in secure rooms with armed guards and biometric locks, just like in a James Bond movie. They can be encrypted with the latest algorithms that even supercomputers can’t handle.
Questions and answers about secure cloud storage
When choosing the best cloud storage service when you need protection and privacy, there may be some questions. This article provides answers to them.
Does it matter in which country the service operates?
The country where the service is located can play a big role. Different countries have different laws regarding the transfer and storage of data on the Internet. Laws in some countries respect user privacy more than laws in other countries. Countries like Switzerland have laws that strictly protect personal data. Countries like the US or the UK have a worse reputation for protecting privacy.
For cloud storage, the host country is not as important as for other services. The reason is that the cloud storage service cannot always decrypt your data. If you have encryption keys, then the data is protected. Even if the service is instructed to turn your data over to the police, or if hackers break into the vault, they won’t be able to read your data.
This does not always mean that the service does not know anything about the data that you store in it. Depending on the principles of the secure cloud storage, the service may have access to the following information:
- Payment information. Name and other data specified during registration.
- metadata. When you enter and leave the service, your IP address and other information.
- Who do you give access to encrypted files.
- Names of files and folders where the encrypted data is stored.
The user needs to consider protection against threats so that the data does not fall into the wrong hands. You need to take into account how the country where the service is located affects these threats, and only then choose the service.
Does the country where the data is directly stored play a role?
The service can be registered in one country, and the data is physically located in another. For example, for Sync.com, it is Canada in both cases. MEGA is located in New Zealand and may store data there. Or stores them in unspecified European countries where there is allegedly an adequate level of protection in accordance with Article 45 of the GDPR. Where data will be stored is decided based on your location.
Why is it important in which country the data is stored? Local laws govern the operation of servers located in the country. Imagine that some cloud storage service is headquartered in Switzerland but stores data in China. China is considered one of the most dangerous countries in terms of privacy. Local laws will govern the servers with your data and the company will have to obey them, not the secure Swiss laws.
What is the best way to protect data in reliable cloud storage?
There are different approaches to protecting data in cloud storage. There are three factors to consider: data in transit, data stored in the cloud, and data on your device. During the transfer process, data is sent from your computer, smartphone or laptop to the server and vice versa. Otherwise, the data is stored on the server or on your device.
- Data in transit
For a system to be considered reliable, the data in transit must be protected by one of the protocols so that no one can read it when intercepted. When transmitting data on the Internet, TLS / SSL encryption is usually used. It is applied before the data is sent to the Internet, and is removed when the data has arrived in the cloud storage. The same happens when data is transmitted in the opposite direction.
TLS/SSL encryption provides a reasonably secure data transfer, but it doesn’t work once the data has arrived at its destination. If the data you send to the cloud storage was not encrypted before TLS/SSL encryption is applied to it, the data is unencrypted upon arrival and can be read.
Note: data can be transferred in two environments. These can be public networks like the Internet and private networks like the local area network in your home or work. Typically, private networks are more secure than public networks. Some secure cloud storage services allow you to store your files on your own hardware within a private network, which can increase their security.
- Data at rest
When information is not transmitted, it is stored somewhere. When you store your files in the cloud, they are stored on servers somewhere. In order for the data to be protected, unauthorized access to it must be closed. Protection can be physical and procedural. Servers should be in a secure location and should not be accessible to outsiders. Many cloud storage services provide this protection.
The problem with this type of security is that you need to trust the service to protect your data. If their security procedures fail, or someone breaks into the file storage location, your data could fall into the wrong hands.
A more secure option for storing data is to encrypt it before sending it to servers. Only those who can decipher them can read such data. Typically, the AES-256 encryption algorithm is used.
Use TLS/SSL encryption for data transmission and AES-256 or a similar modern and strong encryption algorithm for data at rest. This will be almost the maximum possible protection.
Who holds the keys to your data?
Only those who have the encryption keys can encrypt and decrypt data. In many cases, the encryption keys are located in a cloud storage service. The service uses TLS/SSL protocols to transfer data, then applies an encryption key and stores the data on its servers. This is convenient, but you must trust this service to protect your data.
A more secure approach is to store the encryption keys yourself. The most secure systems do not know the encryption keys. The app on your device uses keys to encrypt data before sending it to the server and to decrypt it when it receives data from the server. There are no keys on the server itself.
This way you don’t have to trust someone to store your encryption keys. You just need to trust the service application that it will not send the encryption keys to the service. If it’s open source and popular enough, you can almost be sure there won’t be any tricks. Enthusiasts versed in programming check the source code of such applications and analyze all their possibilities.
You also need to think about the security of data storage on the device. Most cloud storage services, even the most reliable ones, only protect data once it has left your device. If someone gains access to the device, they will also have access to your data if it is not encrypted.
In NordLocker, the data in the cloud storage is also encrypted on user devices. To decrypt them, you need to sign in to your NordLocker account. Encrypting data on a user’s device provides an additional layer of protection.
Such systems, where only the user can encrypt and decrypt their data, are called end-to-end encryption. Unless you’re using a service where data is stored on its own secure private network, some form of end-to-end encryption is required for maximum security.
Why pay when free cloud storage exists?
If you don’t have money to spare, using a free cloud storage plan seems like the best option. While attractive, there are several reasons to buy a paid subscription instead of using the free plan.
- Disk space limits. There is almost always something missing on free plans. First of all, the available disk space is limited. Usually a few gigabytes are given, while on paid plans the amount of disk space can be hundreds and thousands of times higher. Sometimes there are even unlimited tariffs. There may be limits on the size of the files you can put in storage. There may be limits on the amount of data that you can transfer to storage per day or month. In some repositories, full functionality is given for a short time, this is the so-called trial period.
- Limited support. Providing technical support costs money. On paid plans, support is usually provided via email or chats. In the case of free plans, you have to rely on the question-and-answer section on the service website or look for a solution on forums where users try to help each other.
- Limited functionality. The paid plans of most services have additional features. For example, file history or longer history compared to free plans, two-factor authentication, business-oriented features. The latter may include collaboration tools, centralized user management, advanced reports.
It is always recommended to try the service’s free plan first before making a purchase decision. If you have important enough data that you need to protect as best as possible, you should purchase a paid plan.
Should I use a VPN when using cloud storage?
Secure cloud storage is designed to protect user data, but this does not mean that they do not collect any information about users. Many keep records of user activity on the service. The date and time you logged into the account, how long you were there, IP address, etc. may be recorded.
Collecting personal information and linking it to an address can be useful for the services themselves. For users, this poses a potential threat. To avoid this threat, you can use a VPN service when connecting to cloud storage. In this case, the storage will not record your real IP address, but the IP address of the VPN server. Since each VPN IP address is given out to dozens and hundreds of different people, it is almost impossible to determine who is hiding behind this address.
The best of secure cloud storage
Below is a list of recommended services that perform well in terms of security and privacy.
Tresorit is the best secure cloud storage
Tresorit can be considered the most reliable cloud storage and is located in Switzerland. It uses end-to-end encryption and a full range of functionality for businesses, teams and individuals. If you’re looking to protect your organization’s sensitive data from intruders, comply with industry regulations, and manage your organization, this service might be right for you.
Tresorit’s business-focused rates will enable you to manage and analyze how employees use the service. The service complies with HIPAA, GDPR, FedRAMP and many other data protection regulations. This makes it suitable for numerous enterprise applications.
This service gives corporate users the ability to choose exactly where their data will be stored geographically. This is important for transnational corporations. Tresorit offers all of this along with third-party penetration tests, source code, and crypto reviews. This makes the service a good choice for large companies that are willing to pay for reliability and security.
For ordinary users with a small budget, the service may not be the best option. Although there is a limited free version here, other services may have more attractive ones. For home users, paid plans may be overkill and you may have to pay for features you don’t need. For enterprises, development teams, and other secure cloud service seekers, the functionality here is one of the best.
Sync.com – zero-knowledge cloud storage from Canada
The next most reliable cloud storage is called Sync. There are tariff plans for individuals and enterprises, for the former they are better suited. The zero-knowledge infrastructure appears to be as reliable as possible, although the results of third-party tests and audits are not published, at least not yet. If 5 GB of disk space is enough for you and you can do without a synchronized Linux client, you might like the free plan.
For corporate users, the situation is a little more complicated. An unlimited data plan and bandwidth, along with the functionality for working in a group, can be useful. The advantage is compliance with HIPAA, GDPR and PIPEDA requirements.
However, the need to store all data in the Sync folder can lead to conflicts with other important applications and services. The lack of publication of third-party penetration tests and certificates can be a disadvantage for corporate clients.
NordLocker is an all-in-one encryption and cloud storage system
Services like Tresorit and Sync.com are reliable cloud storage services. NordLocker is primarily a data encryption service with cloud storage capability. This is an important difference if you want maximum security.
Other secure cloud storage services encrypt this data when it leaves your computer. Even the provider itself cannot decrypt the data, let alone everyone else. What happens if someone gains access to your computer? In this case, you will have problems. Although files are encrypted when they are transferred and stored on servers, they are not encrypted on your computer. If someone has access to it, there will be access to the files.
NordLocker brings an extra layer of protection. Users can put files and folders in a special folder called locker. There they are automatically encrypted and are available only when NordLocker is unlocked.
The locker itself is compatible with almost any cloud storage service. NordLocker also has its own cloud storage. If you already have a vault, you will be able to use NordLocker with it, regardless of whether this storage service is reliable or not and in which country it is located.
NordLocker also protects your files and folders, even if outsiders have access to your computer. If you are not signed in to NordLocker, no one will be able to decrypt the contents of the locker, even sitting in front of a computer.
Nextcloud is the best cloud storage for self-hosting
Nextcloud is different from the other services reviewed. Primarily because it is a FOSS system (free and open-source software). This means that you can use this system anytime, anywhere, and for free. Since the system is open source, anyone can check it and make sure that there are no backdoors or other security threats to your data.
Nextcloud allows you to store data on the user’s own reliable servers. By hosting your data on your own server, you will be able to block outside access to it, while you yourself will have this access through the firewall.
Examples of this approach include the Nextcloud Hub. You and your team will get the following features:
- Share and collaborate on documents, send and receive emails, manage your calendar, and video chat without data leaks.
- Because it’s an on-premises solution, Nextcloud Hub provides the benefit of online collaboration without the security risks and compliance requirements.
The ability to host Nextcloud on your own hardware is important, as Nextcloud does not yet offer end-to-end encryption.
At the same time, Nextcloud can be considered a powerful, flexible and free cloud storage. In addition to the main product, you can get more than 100 applications and create a simple cloud storage or a complete environment for home and corporate use.
Using secure servers, you can create free or cheap secure cloud storage that is in no way inferior to competitors. When end-to-end encryption appears, it will be possible to create such storage even without your own hosting.
MEGA.nz – targeted at ordinary users and with zero information disclosure
MEGA is one of the most famous secure cloud storage services, which was launched in 2013 by Kim Dotcom. It is an end-to-end encrypted, zero-knowledge service. It has desktop and mobile apps for the most popular operating systems and devices. The free plan offers 15 GB of storage, with certain actions you can increase this amount up to 50 GB. Among the shortcomings can be called a daily limit on data transfer, which for some may be unacceptable. Despite this, MEGA remains an excellent choice for individual users.
For corporate clients, this is not such a good choice. Tariff plans with unlimited disk space and unlimited data transfer may appeal to some organizations. There is a built-in chat, contacts, file preview, which contributes to group work. But competing services like Tresorit and pCloud for corporate clients may be more attractive. Due to New Zealand law, MEGA’s terms of use contain some dubious clauses that may deter customers.
Conclusion
The most secure cloud storage services may not be as popular and convenient as Google Drive. They may not be in sync with third-party services like Office 365. Despite this, the services listed in this article provide a higher level of data protection. If your data is worth reliable protection, you should use one of the services discussed here.
