Cloud storage security protects files from. Cloud storage security rating


“It seems to me that the more data we put into the network, into the clouds, the less control we actually have over it.”

Can cloud storage be trusted?

I think the majority will answer negatively to the first question, but positively to the second.

Currently, cloud services have become so widespread and closely integrated with the equipment of leading manufacturers of computers and various gadgets that many do not even think about where exactly their data is stored and what can happen to it.

Are clouds really that scary, and are our home computers really that safe?

Let's look at Steve's arguments.

The first argument is “nothing in the clouds belongs to you.” Information created by you, especially information about yourself (personal data), always belongs to you, regardless of where it is located. By transferring it to a cloud service for storage, you do not transfer any rights to the information to the service's owner. It was and remains yours.

The second argument is “the more data we send to the network, to the clouds, the less we actually control it.” Have you ever encountered such a situation: you are trying to boot your computer, it won’t boot, and the screen displays an offer to pay money for unlocking, or you are accessing a file, but it is encrypted, and again they demand a certain amount for decryption? Millions of computers around the world are infected and are part of botnets. It is possible that your computer is no longer under your control, and, accordingly, all the data that is on it is no longer under your control.

Do we have reason not to trust cloud services?

The theory teaches that to protect information, it is necessary to ensure its confidentiality, integrity and availability. Let's see if these properties are provided when using clouds.

Legal aspects

Cloud service user agreements almost never contain obligations to maintain the confidentiality and integrity of your data. Organizations should remember that, as personal data (PD) operators, they must meet the full range of requirements for processing such data, which is not always feasible in the cloud.

In addition, a ban on storing personal data in databases located outside of Russia should come into force in the near future (this provision should come into force on September 1, 2016, although there is currently active lobbying to move this date to September 1, 2015).

In terms of cloud service availability, at first glance everything is fine. Most cloud service providers guarantee high service availability. But let's figure out where the responsibility of the cloud service provider ends and where yours begins, with your Internet access devices.

There are dozens of reasons why your data stored in the cloud may not be accessible to you even though the cloud service itself is fully functional. Therefore, the actual availability of the cloud service is significantly lower than the figures stated in the user agreement.

To this should be added the risks associated with Western sanctions against Russia. Most, I think, have heard about the US Presidential decree on additional sanctions against Crimea, the consequences of which could be the blocking of services on the peninsula, such as Gmail, Skype or iCloud. In the current difficult political situation, you cannot be sure that at some point you will not simply be disconnected from the cloud service, especially if this service is provided by an American company.

Let's try to evaluate the real situation with ensuring the integrity and confidentiality of information in the cloud.

Despite the fact that the provider has no formal obligations to ensure these properties of information, all well-known global IT companies provide a sufficiently high level of protection both against unauthorized access to data and against its destruction for technical reasons. That is, with a direct attack on the resources of a cloud service provider, attackers are unlikely to be able to achieve their goal. Although, as they say, even an old woman can slip up, as evidenced by the loud statements that periodically appear in the media about leaks of user data from large IT companies and Internet services.

The main vulnerability of Internet services lies in their almost exclusive use of password authentication and of not entirely reliable methods for recovering forgotten authentication data, that is, logins and passwords (primarily through email). True, lately there has been a clear trend toward more complex procedures for recovering authentication data.

When connecting cloud services, organizations should immediately attend to implementing some two-factor authentication mechanism. The maturity of cloud services in terms of information security currently leaves much to be desired. You are unlikely to find in them a wide range of authentication methods, a very flexible access control system, advanced event auditing with support for SIEM systems, built-in tools for working with cryptography, etc.


If you do not trust the cloud service provider or want to provide additional protection for information in the cloud, then you should use. This method of protection is possible if you do not plan to process information in the cloud (for example, edit photos or text), but only store and transmit data in its original form.

In this case, it is necessary to take into account the difficulties with the distribution and management of cryptographic keys (especially for large organizations) and losses in mobility (to access data, you must have an up-to-date cryptographic key stored on your device in a safe way, and this may cause technical or technological problems).

Yes, we have reasons not to trust cloud services. Yes, large organizations that invest heavily in data security can achieve a higher level of data protection when hosting information in their data center than in the cloud.

But at the same time, it is clear that the use of cloud services will only expand. It’s convenient when you don’t have to think about creating this or that IT service and maintaining it in working order, but you can use the clouds almost instantly.

To use an analogy, most people prefer to buy a cake rather than bake it themselves. Moreover, a cloud service, as a rule, allows you to quickly change service parameters, which is not just convenient but, for most organizations, necessary given the significantly increased rate of change in business requirements. It should also be noted that cloud services are much better suited to mobile users, and businesses and we ourselves are becoming more mobile every year.

Therefore, whether you trust the clouds or not, they have already entered or will soon enter your life. And now it’s worth thinking about what information you are willing to entrust to the clouds and how you can minimize the risks that we discussed in this article.

Anatoly Skorodumov

Cloud file storage technologies are today considered a must-have tool for a modern Internet user. Each such user has an account on one of the cloud drives: Google Drive, Yandex.Disk or Mail.ru. Most have at least two of these services. In this article we will look at the main network file storage services and ways to increase disk space on them, and provide tips on their effective and safe use.

What is cloud storage

Local disks and memory cards are physically connected to our computer or tablet by wires. Network drives are physically located in special server centers, where a stable power supply and a comfortable operating temperature are ensured. The local computer communicates with them via the Internet. When you access your cloud drive through a browser or mobile client application, the system displays a list of files located on the server. When a user transfers a file from the local My Documents folder to cloud storage, the document is physically copied via the Internet to the server.

Therefore, even after the physical destruction of the phone or computer, the files will remain safe and sound. They can be viewed via a web browser on any computer or tablet.

To assess the popularity of disk storage, it is enough to cite one statistic. As of 2014, the most popular cloud was Google Drive. The storage works by default on all Android devices, except Chinese ones, where access to Google is limited. It had 240 million users.

What can you use Cloud Drive for?

The main tasks solved by users using network storage:

Developers are constantly improving the security of their services. The standard today is to store user files in encrypted form. Without a special key, such a file is a useless set of bytes.

The security of these services should not be overestimated. In 2011, the reputable company IDC published a report in which it rated their level of confidentiality and resistance to hacking as unsatisfactory. Experts recommended strengthening authentication and encrypting files in storage and during transfer. Most developers listened to the recommendations and made changes to their applications.

Login to cloud storage can be protected with two-factor authentication: specifying a password and confirming the login using your phone. But for most users, one password is enough.

When compiling this rating, the company's experts took into account technological solutions to ensure the security of user data and the presence of failures in the service in the past. Considering that all storage facilities presented in the diagram have been operating for more than 5 years, the history of failure statistics is comparable.

    1. OneDrive was recognized as the safest. Experts listed as the service's benefit its innovative security system, in which the keys to encrypted files and the data itself are stored on separate servers. By gaining access to only one of these, an attacker gains nothing. Recall that OneDrive is aimed at the corporate market and is the default drive when subscribing to Office365. Subscribers are allocated up to 100 GB at once, while free users receive only 6 GB.
    2. iCloud Drive ranked second in security. This cloud serves users of the Apple ecosystem: iPhone, MacBook and the corporation's other proprietary products. Data is encrypted here both in storage and in transit. Overall the storage is reliable and comparable to OneDrive in terms of security, but it earned a negative point for a failure in 2014. Many users were involved in this scandal: private photographs of celebrities stored on their iPhones were leaked online. If you use Apple devices, you can't do without the branded cloud. Backups of data and of phone and laptop system settings are stored on it, and deleted photos and documents are restored with its help.
    3. Google Drive was awarded third place. The reason is an insufficient level of security when storing files. When data is transmitted to the server and to the client device, the traffic is encrypted. As an advantage of the cloud, experts cited two-factor authentication with password confirmation via SMS sent to the phone number specified during registration. Experts note that in business accounts designed for corporations, Google Drive provides an increased level of security comparable to OneDrive. Regular users are recommended to encrypt confidential data themselves, for example by archiving it with a password.
    4. The Russian Yandex.Disk takes fourth place. Experts identified as this cloud's security benefit its wide choice of authentication methods, including TouchID, PIN code and QR code. An important advantage for ordinary users is checking files for viruses. The transmission channel of the Yandex storage is encrypted, like its competitors'. The only serious failure is considered to be an error in the service's client program for Windows, made by the company's programmers in 2013. Users did not lose out: as compensation, they were allocated 200 GB of disk space for free use indefinitely.
    5. Fifth place goes to an old-timer of the market, DropBox. Its security disadvantage is the absence of client-side encryption. Theoretically, this allows an attacker to intercept data during transmission from the local device to the server. In 2011, there was a serious glitch in the DropBox service. It lasted only 4 hours. During this period, it was possible to access the entire storage, and not just a specific user's data area. But we note that in 2011 the other competitors in the rating simply did not exist. DropBox was a pioneer in network storage and had room for mistakes.

How to get more free cloud storage space

All cloud storage services are commercial. Their main task is to earn the money required to cover the costs of supporting the development team and developing the server infrastructure. Therefore, users are given a limited amount of free space. To get additional free space for storing photos and documents, you will need to fulfill certain conditions of the service or participate in promotions.

For example, Yandex.Disk offers 32 gigabytes of free space for enabling auto-upload of photos on a mobile device.

Other cloud services also offer space expansion options for free:

  • For inviting friends.
  • For installing a cloud drive mobile application or program on a computer.
  • For students and teachers: for providing a photograph of a student ID or university pass. Yandex.Disk provides an additional 32 free gigabytes for this promotion.

Also, cloud file storage services provide free space under an affiliate scheme. For example, when purchasing laptops or tablets of a certain brand.

A universal way to multiply your cloud storage space for free is to create multiple accounts.

How to install a cloud drive on your computer

Three network storages are most suitable for a computer:

  1. Google Drive. It is chosen by active users of Gmail and of the powerful online document and spreadsheet editor Google Docs.
  2. Yandex.Disk. A good choice when you don't need to use Google services. This is a reliable Russian cloud drive on which you can easily get up to 42 GB or more of free space by enabling auto-upload of photos on your mobile device.
  3. OneDrive. Users of computers and laptops with the Windows 10 operating system get support for this network drive bundled in. If you have a Windows account, 5 GB of space is allocated on OneDrive. Under the This PC shortcut, a folder of the same name is created and synchronized with the cloud.

Installing a program on your computer is required only for the first two services. OneDrive support is available at the system level. Let's give step-by-step instructions for installing an application, using Yandex.Disk as an example.

Every modern smartphone comes with support for at least one cloud storage out of the box.

  • Apple phones come with iCloud support for backing up settings and system files and for synchronizing photos. Additionally, you can connect the Yandex storage by downloading and installing the app from the official Apple app store.
  • Samsung phones include support for two clouds at once: the proprietary Samsung Cloud and Google Drive. Owners of smartphones of this brand have a Google account, like other Android users, and a Samsung account for the manufacturer's branded services.
  • Xiaomi phones support their own cloud, Xiaomi MiCloud, out of the box. Everything works much as on the iPhone: backups are made to network storage and photos from the camera are uploaded.
  • Windows Phone smartphones come with OneDrive access enabled. If you have an Office365 subscription, your available storage will increase by 100 GB.
  • Android smartphones from other manufacturers support one cloud storage: Google Drive.

You can get extra space by fulfilling the requirements of service promotions or by paying for it.

Please note that Android smartphones support Google Drive, but to work with Google Docs and Sheets you will need to install separate mobile applications. There is also a client program from Google Drive for easy navigation through network storage. The latter is most often preinstalled on the phone.

If the capabilities of the pre-installed network storage are not enough for you, install a third-party one. The most popular: Yandex.Disk, DropBox, Mail.ru.

We'll show you how to install an application for them using Yandex.Disk as an example.

Create a complex password. Your private photos and videos are more likely to be leaked online if you have chosen a simple password. A complex password can be generated using a special program, or you can come up with one yourself following a pattern such as: !-!123HELLO-WoRlD123!-!. This combination is easy to remember, but is a very difficult password to crack.

Encrypt sensitive data before uploading it to the network. Storing passwords and account keys in plaintext is dangerous. If you don't have a dedicated encryption program, archive sensitive files with a password before sending them online.

Use two-factor authentication. A number of network storages support two-factor authentication. You need to enter a password and confirm the login by entering a code from an SMS sent by the service. This procedure seems less convenient, but provides greater data protection.

History of cloud file storage technologies

The phrase “cloud technologies” was first used in 1997. The new global network required a new computing paradigm. Professor Ramnath Chellappa from the University of Texas proposed a move to cloud computing as an alternative to increasing local computing power.

Real developments in sharing resources over the network date back to 2000. We owe the commercial launch of a service on the new cloud scheme to Amazon. This happened in 2002.

Google became the pioneer in implementing and developing cloud applications that work through a browser. The new technology entered the market in 2009.

The idea of creating cloud storage on the Internet is described by its inventor Drew Houston as follows. He was sitting on a bus traveling from Boston to New York with a laptop, but without his flash drive, which he had left at home. To overcome the problem, he began to think about accessing files wirelessly and came up with an application that would implement this idea. The first DropBox code was written, according to this version of events, right on the bus.

According to the founder of DropBox, Steve Jobs wanted to acquire the project at the startup stage, but was refused. Today the company is worth approximately US$4 billion.

All subsequent network storages (iCloud, Google and Yandex) appeared much later. Their main promotion model is that the service is conditionally free. The user receives some gigabytes immediately, free of charge and unconditionally. The rest must be purchased by subscription.

Modern cloud storages have become not only a place for storing information, but also offer a number of technological solutions that let people living in different parts of the world collaborate on files. Below are the most popular problems solved with their help.

    Web giant Google provides many great features in its cloud storage. Google says it's safe to store your data with them. Even if your computer, tablet, or phone fails, your Google Drive data is safe. The company also claims that files stored in their data center cannot disappear.

    To use Drive, you need a Google account. Creating a Google account couldn't be easier. Google will ask you to come up with a strong password. The password must contain at least 8 characters. However, there is no requirement for mixed-case letters or a mix of letters and numbers when registering with Google, although this could improve security.

    Protecting your Google account is a fundamental step in securing Drive storage. Google offers two-step verification (two-factor authentication) to increase the security of your account. Once you enable this feature, every time you log into any of the Google services you will need to enter an additional code. After entering the correct username and password on the Google account page, you will receive an SMS with a verification code on your mobile phone. You will be able to log into Google only after entering this code. Thus, two-step authentication can make Google Drive more secure from hackers. You can also receive such codes using smartphone apps.

    A Google account has a security question and the ability to enter an email address or phone number for account recovery, which will also allow you to regain control of your account in the event of a hack. You also control the apps you sign into with your account. Browsing history, IP address, and device information are also available so you can track activity on your Google account.

    Encryption is simply vital for any cloud service. Although Google Drive uses HTTPS, it does not provide its own file encryption service. So if you want to encrypt your files, do so before sending them to Google Drive. You can use Boxcryptor for free to secure your cloud files.

    Google Drive offers a range of custom sharing options. Using these settings, you can control who can access files, who can download them, edit them, etc. You can view file versions on Google Drive. So if you need the previous version, you can get it by right-clicking the required file and selecting the ‘Manage Versions’ option.

    It may be noted that the security of Google's online storage service depends on the security of your Google account. If you can protect your Gmail account, then you can count on reliable protection of your files on Google Drive.

    Microsoft OneDrive

    OneDrive is cloud storage from the most powerful software developer, Microsoft. To use OneDrive, you must have a Microsoft account. Visit Outlook.com to open a new Microsoft account. During the subscription process, Microsoft takes a number of robust security measures to protect the consumer from hackers. Microsoft suggests and requires a complex password of at least 8 characters with mixed-case letters. All this is done for the sake of security.

    The security of OneDrive depends on the security of your Microsoft account. So if your Microsoft account is secured, it also keeps your OneDrive space secure.

    Microsoft takes account security on Outlook.com very seriously. To create an account, you need to go to the “Account Settings” option and confirm your identity there using two-step authentication. For account settings, this feature is enabled by default.

    Microsoft's two-step verification has more functionality than Google's similar feature. However, you can safely trust both services.

    OneDrive uses an HTTPS connection to operate. ‘Recent activity’. From there, you can also manage apps that you've authorized for use with Outlook.com.

    OneDrive offers a free file history view for office documents. ‘Previous versions’ of other file formats are available to business-level users. So if you make changes to Office documents, you can view the previous version for free in OneDrive. OneDrive files are not accessible without your permission. Despite this, OneDrive does not encrypt files uploaded to its server. Thus, you can ensure a higher level of security for your data by using third-party encryption services, for example, Boxcryptor.

    Dropbox is one of the most popular online storage providers. It is used for both personal and commercial purposes. Dropbox is exclusively cloud storage. So all their energy is concentrated on the cloud...

    Dropbox says data security is their top priority. When subscribing to Dropbox, you will notice that the process is quite simple and fast. You will need to enter your name, email address and password. The account creation page will prompt you to use a strong password. However, there is no obligation to maintain a certain level of security.

    Subscribing to Dropbox may not require immediate email verification, but you will need to verify your email in order to seamlessly share files. All these options will be available as you use the service.

    Dropbox offers a file version feature so you can revert to an older version of the files you need. If a file was edited and you later need its previous version, just right-click the new version of the file and select the “Previous Versions” option in the context menu.

    A Dropbox account comes with a range of additional security mechanisms. You can also use two-step verification, which requires you to enter a unique code every time you sign in to Dropbox. This code can be received on your mobile phone. You can also get the code through a smartphone app. Either way, two-factor authentication can significantly increase the security of your account.

    The Dropbox Security Settings page also allows you to monitor and manage connected devices, browsing history, linked apps, and more to prevent unauthorized access.

    Dropbox uses an HTTPS connection on its website and during data transfers between you and the cloud storage. You can control access to files using data sharing options.

    Dropbox itself does not provide the option to encrypt files before uploading to their server. Dropbox says it encrypts files during transfer and at all other times. However, you can encrypt files before sending them to Dropbox. There are a whole lot of tools for this. Boxcryptor is one of them. It uses industry-standard AES-256 encryption to further enhance the security of your files.

    Copy is one of the most popular cloud data storage services, competing with Dropbox, Google Drive, OneDrive, etc. The service also offers a bonus for attracting new customers, with which existing users can increase their free space. The registration process for Copy takes just a few seconds. You will be asked to provide a name, email address and password. During registration, all that was indicated regarding the password is that it must consist of at least 6 characters.

    Copy.com uses a secure HTTPS connection during data transfer between the user and its server. The company also claims that they store data in an encrypted format. But despite this, you cannot encrypt data on Copy.com yourself. Third-party services for encrypting data before sending it to Copy remain available, however. So you can encrypt your files first and then send them to Copy for storage.

    Copy.com does not offer two-step verification, which plays a very large role in maintaining account security. Hopefully they will start offering this valuable option soon.

    Copy has a file history check feature that allows you to get previous versions of your files. Unfortunately, Copy.com does not have an option to view your account history.

    Despite its excellent user interface and functionality, Copy still lacks some essential features.

    Mega is a service known for its confidentiality. Mega was founded by Kim Dotcom. The service provides each new user with 50 GB of free space. To register with Mega, you need to provide basic information such as name, email address, password, etc. Mega requires you to use a strong password. If the password is not strong enough, you will receive the following message: ‘your password is not strong enough to continue’.

    Mega uses an HTTPS connection and client-side encryption. This means that information is encrypted locally before being sent to Mega and is decrypted when downloaded from the service. According to Mega's security help page, your files cannot be read on the server. The company strongly recommends not losing your password. The Mega password is not only a password, but also the code that unlocks the master decryption key. Mega claims that it is impossible to recover the password on the service. If there is no backup copy of the master decryption key, then all data stored on the service's servers will be lost.

    However, there are reports that Mega's browser-based encryption system has certain weaknesses.

    Mega offers excellent security features, but, unfortunately, the service does not have file version history. Deleted files can be restored using the 'SyncDebris' application from Sync Client, or from the 'Rubbish Bin' folder on Mega. To monitor activity, Mega provides a browsing log option and an application management option.

    What's interesting is that Mega doesn't have a two-step verification option, which would greatly improve the service's privacy and security efforts.

    This section took a detailed look at the available security features of popular cloud storage providers such as Google Drive, Dropbox, Copy and Mega. When it comes to security, each has its own particular offerings. Now let's see what basic security features these services offer. Below is an easy-to-follow checklist.

      Password Strength Requirement: Google, Microsoft and Mega require you to use a strong password. Dropbox and Copy are more flexible in this regard.

      Email address verification requirement: All services sooner or later require you to verify your email address.

      Two-step verification: Google Drive, OneDrive and Dropbox provide two-step verification. Copy and Mega do not currently provide this option.

      Client-side encryption: Only Mega offers client-side encryption. This is done on the device from which the files are uploaded.

      Server-side encryption: Dropbox, Mega and Copy store files encrypted on their servers. With the other services, you can use local encryption to avoid risks.

      Using a secure connection (HTTPS): All of these providers use a secure HTTPS connection. However, Mega gives users the option to disable it.

      Use of security questions to verify users: Google Drive has this option available. OneDrive, Dropbox, Copy and Mega do not currently use a security question.

    From the above, it is clear that Google Drive provides almost all security features except encryption. Microsoft OneDrive and Dropbox follow closely behind. Mega provides sophisticated security such as encryption, but the service does not have two-step verification. Copy needs to work on turning its great cloud storage experience into a more secure environment with two-step verification, password strength requirements, and other innovative security systems.

    Clouds, clouds - gigabyte platforms!

    If you're tired of running between work and home with a flash drive or constantly carrying a laptop with the necessary files, and you want your important files to be available to you or your team on any computer or mobile device, then they can help you.

    Cloud data storage is an online storage model in which data is stored on numerous servers distributed over the network and provided for use by clients, mainly by third parties. In contrast to the model of storing data on your own dedicated servers, purchased or rented specifically for this purpose, the number and internal structure of the servers are generally not visible to the client. The data is stored, as well as processed, in the so-called cloud, which from the client's point of view is one large virtual server.

    We offer for your attention a review of 10+ free and paid cloud data storage services.

    Cloud data storage:

    1. Google Drive

    Google Drive is cloud data storage from Google, which speaks for itself. Google Drive allows users to store their data on servers and share it with other users on the Internet. The storage space is shared between Google Drive, Gmail and Google Photos. The service can store not only documents, but also photos, music, videos and many other files, 30 types in total. Everything is very convenient and familiar for users of Google services.

    Google Drive pricing plans

    The maximum file size is 5 TB.

    Available in web browsers, Windows, Mac OS, Android, iOS, etc.

    2. Microsoft OneDrive

    OneDrive, which was Microsoft SkyDrive until it was renamed in February 2014, is a cloud-based Internet file storage service with file sharing functions. By the way, SkyDrive was created in August 2007 by Microsoft. Now OneDrive is one of the flagships of cloud data storage.

    The advantage of OneDrive is that it is integrated with Office 365 out of the box, so you can create, edit and save Excel, OneNote, PowerPoint and Word files in Windows Live OneDrive directly from the application.

    OneDrive currently allows you to store 5 GB of information for free (although 15 GB were offered previously), organized in standard folders. Images are previewed as thumbnails and can also be viewed as slides.

    The idea of cloud storage is brilliant. Instead of storing data locally on the devices you use, external drives and home network storages and fiddling with access, synchronization and backups, users transfer files and folders over the Internet to the services' data centers and have no worries. Access is provided from an application or client program, wherever the user is - you just need to enter a password. There are no problems with storage space: the services offer up to 30 TB, and there is no charge for the initial period of use.

    And yet there is a fly in the ointment, because of which all the beauty of using clouds is forgotten. Users transfer their data into the wrong hands: photos from their last seaside vacation, or a video from a wedding, or personal correspondence. Therefore, in this comparison, we focused on the security of ten cloud storage services: the IT giants Apple, Google, Microsoft and Amazon, two hosting companies specializing in cloud storage, Box and Dropbox, as well as two service providers from Russia, Yandex and Mail.ru.

    Plus a billion users in five years

    Back in 2015, the number of cloud storage users was about 1.3 billion. By 2020, there will be 1 billion more users.

    Data traffic - three times more

    In 2015, cloud storage users transferred an average of only 513 MB of data per month. By 2020, the volume will triple.


    Functionality: can you trust advertising?

    Vendors, of course, know that users place a high value on security and must accommodate their requirements. A quick look at all the offerings gives the impression that cloud services use the highest security standards and providers go to great lengths to protect their customers' data.

    However, upon closer reading it becomes clear that this is not entirely true and the standards are not always new. Service providers have far from exhausted the options for safe data storage, and “high level of security”, “SSL protection” or “secure encryption” are nothing more than slogans that take advantage of the fact that most clients do not have special knowledge in security matters.

    Network memory capacity

    Cloud storage services lure customers with free offers. The volume can be increased for a fee.

    TLS is not everything

    “SSL” and “HTTPS” are popular and well-known security abbreviations. But we shouldn’t let our guard down. This type of encryption is a necessity, but does not guarantee exceptional data security. The cryptographic protocol TLS (Transport Layer Security), which officially replaced SSL 3.0 (Secure Sockets Layer) in 1999, provides secure data exchange between the cloud storage website and the client program on your computer or an application on your smartphone.

    Encryption during data transfer is important primarily to protect incoming metadata. Without TLS, any attacker can intercept the transmission and change the data or steal the password.

    We tested the cloud storage services using the comprehensive Qualys testing tool (sslabs.com/ssltest). All providers use the latest version of the standard, TLS 1.2. Six of them prefer 128-bit AES encryption, four prefer the more powerful AES 256. Both are satisfactory. All services enable the additional Perfect Forward Secrecy (PFS) protection, so that the transmitted encrypted data cannot be decrypted even later.

    HSTS (HTTP Strict Transport Security) - another security mechanism that protects against downgrade attacks - is not used by most vendors. The entire list, that is, TLS 1.2 with AES 256, PFS and HSTS, is only available from Dropbox.
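
    The checklist used in this test (TLS 1.2, AES key size, PFS, HSTS) can be applied to any negotiated connection. The Go program below is an added example, not part of the original comparison; the Report type and function names are assumptions, and both sample inputs are constructed rather than measurements of any provider.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strconv"
	"strings"
)

// Report mirrors the checklist above: TLS 1.2, AES key size, PFS, HSTS.
type Report struct {
	TLS12OrNewer, PFS, HSTS bool
	AESBits                 int // 0 when the suite does not use AES
}

// hstsEnabled reports whether a Strict-Transport-Security value has max-age > 0.
func hstsEnabled(header string) bool {
	for _, d := range strings.Split(header, ";") {
		k, v, ok := strings.Cut(strings.TrimSpace(d), "=")
		if ok && strings.EqualFold(strings.TrimSpace(k), "max-age") {
			n, err := strconv.Atoi(strings.Trim(strings.TrimSpace(v), `"`))
			return err == nil && n > 0
		}
	}
	return false
}

// Assess grades a negotiated version and cipher suite plus the HSTS header.
func Assess(version, suite uint16, hsts string) Report {
	name := tls.CipherSuiteName(suite)
	r := Report{TLS12OrNewer: version >= tls.VersionTLS12, HSTS: hstsEnabled(hsts)}
	switch {
	case strings.Contains(name, "AES_256"):
		r.AESBits = 256
	case strings.Contains(name, "AES_128"):
		r.AESBits = 128
	}
	// Forward secrecy needs an ephemeral key exchange: (EC)DHE, or any TLS 1.3 suite.
	r.PFS = strings.Contains(name, "DHE_") || version >= tls.VersionTLS13
	return r
}

// Constructed samples, not measurements of any real provider.
func sampleFull() Report {
	return Assess(tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, "max-age=31536000; includeSubDomains")
}
func sampleWeak() Report { return Assess(tls.VersionTLS12, tls.TLS_RSA_WITH_AES_128_GCM_SHA256, "") }

func main() { fmt.Printf("full: %+v\nweak: %+v\n", sampleFull(), sampleWeak()) }
```

    Against a live endpoint, the same inputs come from the Version and CipherSuite fields of tls.ConnectionState and from the Strict-Transport-Security response header.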

    Double access protection

    Access to personal data must be protected by two-step verification. In addition to the password, Amazon requires a PIN code that is generated by the application.


    Encryption on the server is a matter of trust

    Another standard function, in addition to secure transmission, is data encryption on the supplier's server. Amazon and Microsoft, unfortunately, are exceptions to the rule by not encrypting data. Apple uses AES 128, others use the more recent AES 256.

    Encryption in data centers is not a novelty: if attackers, despite all security measures, still manage to steal user data, they will still need the key - unless they resort to extortion. And this is often where the problem arises: this type of encryption is a very dubious solution if the vendors hold the keys to your data.

    That is, any cloud service administrator can easily view all your photos at any time. If that is hard to believe, maybe the possibility of investigators having access to the data will be more convincing. Of course, suppliers demonstrate in every possible way that they take the matter seriously, but clients have to overcome their doubts and extend trust, since data protected this way is not completely secure.


    Dropbox provides security with 256-bit AES encryption at rest and SSL/TLS during transfer

    No end-to-end encryption

    So, most services ensure the security of user data by protecting the transmission and encrypting it on the server, and all participants in our comparison that encrypt user data hold the keys. None of the services use end-to-end encryption. Its fundamental difference from encryption during transmission and on the server is that data is encrypted from the very beginning.


    End-to-end implies encryption locally on the user’s devices and transmission in this form to data centers. When accessing data, it is returned back to the user in the same encrypted form and decrypted on his devices. The point is that the user, firstly, sends data exclusively in encrypted form, and secondly, does not issue any keys to the supplier.

    That is, even if the administrator is burning with curiosity, an attacker steals the data, or the investigative authorities need to disclose it, they will not succeed.
    The implementation of the so-called “zero knowledge principle” is closely related to permanent encryption.

    Translated into simple language, its essence is as follows: no one but you knows how to decrypt your data. No cloud storage provider receives information that can be used to decrypt encrypted data - you didn't tell them anything, they have "zero knowledge." Doing this in practice is difficult and quite inconvenient, and by this criterion the participants in our comparison have nothing to offer.

    No two-factor authentication

    It is obvious that suppliers are concerned with the security of their customers' data, but for some reason they do not fully think through the action plan. Access to data stored in the cloud is effectively protected by two-factor authentication. Its essence is as follows.

    To successfully complete the login process, a username and password are not enough - you also need a PIN code, and not a permanent one, as, for example, for a bank card, but one generated by an application on a smartphone or sent via SMS to the phone. Typically such codes are valid for 30 seconds.

    The user needs to keep the smartphone linked to the account at hand and, when logging in, enter the received code after the password. Domestic suppliers do not offer this simple and effective method of protection, unlike the Internet giants, as well as the “narrow-profile” Box and Dropbox.
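
    A code that is generated by an application and valid for 30 seconds is typically a time-based one-time password. The added example below (not taken from any of the compared services) assumes RFC 6238 TOTP with HMAC-SHA1; the secret is the RFC's published test value and the function names are illustrative.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const step = 30 // seconds a code stays valid, as described above

// TOTP returns the RFC 6238 code (HMAC-SHA1) for a shared secret and a Unix time.
func TOTP(secret []byte, unix int64, digits int) string {
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(unix/step))
	mac := hmac.New(sha1.New, secret)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation (RFC 4226)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// Verify accepts the code of the current step and of the previous one
// (clock-skew allowance), comparing in constant time.
func Verify(secret []byte, submitted string, now int64) bool {
	ok := 0
	for _, t := range []int64{now, now - step} {
		ok |= subtle.ConstantTimeCompare([]byte(TOTP(secret, t, 6)), []byte(submitted))
	}
	return ok == 1
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret, not a real account
	now := time.Now().Unix()
	code := TOTP(secret, now, 6)
	fmt.Println(code, Verify(secret, code, now), Verify(secret, code, now+120))
}
```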

    Actual cloud storage speed

    We measured cloud storage speeds over cable (up to 212 Mbps), DSL (18 Mbps) and LTE (40 Mbps). The diagram shows the average speed for all connection methods.


    Be your own cryptographer. Boxcryptor encrypts files on the device and provides convenient management of cloud storage accounts in one window. Users can choose whether they want to manage the key themselves or not.

    Location is also an important aspect

    Despite all efforts, at home it is impossible to achieve the level of security that a cloud data storage service offers in a data center, and this is a powerful argument in favor of cloud storage. You can see this by looking at their equipment. All providers except Dropbox are certified according to the international standard ISO 27001, even for their free offers.

    The location of data centers also plays an important role. The servers of Amazon, Google and other companies are located in the United States and are subject to American laws. Servers located only in Russia, such as those of Yandex and Mail.ru, are accordingly subject to Russian laws.


    To avoid interfering with other programs, Dropbox uses automatic limitation in the client

    Conclusion: there is room to grow

    The cloud storage services that we reviewed offer only a standard set of security options. Looking for end-to-end encryption or zero knowledge is pointless. All services provide data transfer protection, but Amazon and Microsoft servers do not provide encryption.

    But data centers meet high information security requirements. At the same time, the comparison did not reveal cloud storage with ideal protection.

    The advantages of Russian suppliers lie in location, but they ignore the simplest protection methods, such as two-factor authentication. You have to take care of permanent data protection yourself, even if it means high costs and complex management.





    
