{"id":886,"date":"2021-12-01T11:02:00","date_gmt":"2021-12-01T11:02:00","guid":{"rendered":"https:\/\/dev.cryptoloc.au\/?p=886"},"modified":"2023-10-03T06:16:55","modified_gmt":"2023-10-03T06:16:55","slug":"how-secure-are-the-major-cloud-storage-providers","status":"publish","type":"post","link":"https:\/\/127.0.0.1\/how-secure-are-the-major-cloud-storage-providers\/","title":{"rendered":"How secure are the major cloud storage providers?"},"content":{"rendered":"\n<p>In the wake of COVID-19, most of us are more dependent on cloud storage services than ever. Uploading our files to the cloud is a great way to be able to collaborate with colleagues remotely and work across multiple devices \u2013 but with cybercriminals more determined to access our data than ever, it\u2019s also important to consider how safe our files&nbsp;<em>really<\/em>&nbsp;are when we upload them to a cloud storage provider.&nbsp;<\/p>\n\n\n\n<p>This June, IDCare \u2013 Australia and New Zealand\u2019s national identity and cyber support service \u2013 reported a&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/ia.acs.org.au\/content\/ia\/article\/2021\/pandemic-drives-surge-in-scams.html?ref=newsletter\" target=\"_blank\">34 per cent increase in demand<\/a>&nbsp;for its frontline case management services. This reflects a wider trend of cybercriminals looking to capitalise on a world that has been forced to adopt remote work quicker than it\u2019s been able to adapt the best security practices for doing so.<\/p>\n\n\n\n<p>The explosion in remote work and the acceleration in digitalisation caused by COVID-19 has exponentially increased the attack surfaces that are available to cybercriminals, and made it harder for breaches to be discovered. The Australian Cyber Security Centre recently saw a&nbsp;<a href=\"https:\/\/cryptoloc.com\/blog\/why-australia-enacting-emergency-cybersecurity-laws\">200 per cent increase in reports of ransomware<\/a>, while the&nbsp;<a href=\"https:\/\/cryptoloc.com\/blog\/why-are-cyber-insurance-premiums-going-up\">cost of a typical data breach<\/a>&nbsp;has risen where remote work is a factor, and cyber insurance policies are struggling to keep up.&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>We shouldn\u2019t assume, then, that we can simply store our files in a popular cloud server and forget about it. If you want to ensure your important documents are protected, you need to know you\u2019re going with a secure service.&nbsp;<\/p>\n\n\n\n<p>Right off the bat, there are a couple of things that each of the major providers are doing right. Firstly, they each offer optional two-factor authentication, which adds an extra layer of security to your account by requiring two separate forms of identification to access your account. The first is usually a password, and the second can be a code sent to your phone or email address, or a biometric scan using your fingerprint, face or retina.&nbsp;<\/p>\n\n\n\n<p>And they each offer at least some level of encryption, both for data at rest (data not actively moving from device to device or network to network) and data in transit (data actively moving from one location to another, either across the internet or through a private network).<\/p>\n\n\n\n<p>And while there have been blemishes \u2013&nbsp;<a href=\"https:\/\/www.bbc.com\/news\/technology-37232635\" target=\"_blank\" rel=\"noreferrer noopener\">some bigger than others<\/a>&nbsp;\u2013 most of them have managed to avoid major breaches so far, although&nbsp;<a href=\"https:\/\/time.com\/3318853\/google-user-logins-bitcoin\/\" target=\"_blank\" rel=\"noreferrer noopener\">the same can\u2019t be said<\/a>&nbsp;for&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/everything-you-need-to-know-about-microsoft-exchange-server-hack\/\">their parent companies<\/a>.&nbsp;<\/p>\n\n\n\n<p>But there\u2019s one major problem that hobbles each of the major cloud services \u2013 and it has to do with who can access your encrypted files.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Who holds the key?&nbsp;<\/h3>\n\n\n\n<p>When it comes to cloud storage security, the gold standard is Zero Knowledge encryption. Under Zero Knowledge protocols, your cloud service provider doesn\u2019t store a copy of your encryption key, so they can\u2019t decrypt your files \u2013 even if they wanted to.<\/p>\n\n\n\n<p>The problem is that none of the mainstream cloud storage providers \u2013 the ones attached to giant parent corporations, for the most part \u2013 follow these protocols. Instead, the encryption key to access the files in your cloud stays with them.&nbsp;<\/p>\n\n\n\n<p>That means that no matter how strong your encryption is, or how strong your passwords are, your cloud storage provider still has access to all of your data, and can decrypt it whenever they want, bypassing all of your security.&nbsp;<\/p>\n\n\n\n<p>There are a couple of reasons why they do this. The first is that most of the major cloud storage providers tend to be part of a suite of products, or a workspace, if you will. By holding onto your encryption key, they can access your files faster and speed up the connection between these products.&nbsp;<\/p>\n\n\n\n<p>Holding onto the encryption key also enables them to scan your files \u2013 for instance, one major cloud storage provider flat-out tells users&nbsp;<a href=\"https:\/\/policies.google.com\/privacy\" target=\"_blank\" rel=\"noreferrer noopener\">in their privacy policy<\/a>&nbsp;that they scan the documents users upload to the cloud in order to find things like \u201cwhich ads you\u2019ll find most useful, the people who matter most to you online, or which YouTube videos you might like\u201d. (In other words, their privacy policy is that you don\u2019t have any.)&nbsp;<\/p>\n\n\n\n<p>The same privacy policy states that they will process your data when they have a legal obligation to do so \u2013 if, for instance, they\u2019re responding to an enforceable governmental request. In fact, that\u2019s true of all the major cloud providers, who are all subject to US laws, including the Patriot Act, which gives government agencies the ability to demand access to the data on their servers.&nbsp;&nbsp;<\/p>\n\n\n\n<p>But if they didn\u2019t have your encryption key, then they wouldn\u2019t be able to hand over your data, no matter how badly the government wanted them to.&nbsp;<\/p>\n\n\n\n<p>Keeping your encryption key on their servers also means that, if those servers were hacked, the keys could be obtained by cybercriminals and used to decrypt data stored in the cloud on a massive scale \u2013 defeating the entire purpose of uploading your files to a secure cloud storage service.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">A safer alternative&nbsp;<\/h3>\n\n\n\n<p>Unlike the \u2018big three\u2019 cloud storage providers, we\u2019re proud to say that Cryptoloc abides by Zero Knowledge protocols, which means that we can\u2019t see the data you store with us, and we can\u2019t share it with a third party \u2013 even if we wanted to. Which we don\u2019t.&nbsp;<\/p>\n\n\n\n<p>Better yet, our patented three-key encryption technology combines three different encryption algorithms (AES 256, RSA 4096 and RSA OAEP) into one unique multilayer process, so even if someone gains access to your private key without your consent, they still won\u2019t be able to access your data.&nbsp;<\/p>\n\n\n\n<p>We\u2019ve deployed this technology across multiple products, including Cryptoloc Cloud, which is built to the highest ISO 27001:2013 information security standards. Every piece of data in the Cloud is assigned its own separate audit trail; every user and action is tracked, verified and accounted for; and access for individuals or groups can be revoked at any time.&nbsp;<\/p>\n\n\n\n<p>That\u2019s why no Cryptoloc product has ever been breached, and why no other cloud storage service comes close to Cryptoloc for secure, safe and convenient data management.<\/p>\n\n\n\n<p><em>Learn more about how you can store, share, sync and secure your files with Cryptoloc Cloud&nbsp;<\/em><a href=\"https:\/\/cryptoloc.com\/cloud\"><em>here<\/em><\/a><em>.&nbsp;&nbsp;<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the wake of COVID-19, most of us are more dependent on cloud storage services than ever. Uploading our files to the cloud is a great way to be able to collaborate with colleagues remotely and work across multiple devices \u2013 but with cybercriminals more determined to access our data than ever, it\u2019s also important [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":1117,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/886"}],"collection":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=886"}],"version-history":[{"count":2,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/886\/revisions"}],"predecessor-version":[{"id":1137,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/886\/revisions\/1137"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/1117"}],"wp:attachment":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}