By Paul Niemeyer
September 16, 2013
Storing your files in the cloud certainly is a delicate topic.
Especially with recent news about the NSA scandal many people worry
about storing their files online with an external provider because they
don’t know exactly what happens to their data and who is able to access
uploaded files (ideally only you, but who knows?).
Personally, I’m a fan of local encryption before sending anything into the cloud. I even do this with my favorite cloud storage service JustCloud.
Of course not everybody once to take that extra step handling different
encryption keys, thinking about what to encrypt and what to store
online. However if you just stop for 10 minutes and think it through it
is certainly worth it to encrypt your most important files and choose a
secure cloud storage provider from our list of services that John and I recommend.
If you are unsure whether cloud storage is the right solution for your needs be sure to check out our guide on how to choose a cloud storage service and our cloud storage comparison chart where you can compare features and functions of all the major services online.
The tools that keep me safe
Many people email me asking which tools I use to keep my files safe.
They must think that I’m using a lot of tools with very complicated
settings. However, that is not the case and I will explain to you which
services you might consider for secure cloud storage and how easy it is
to set everything up for your needs.
JustCloud secure file storage
JustCloud Unlimited Cloud Storage
If you have read a couple of articles here at CloudStorageReviews.org you certainly know that JustCloud
is our favorite cloud storage service that we recommend to friends and
family. While they are good for everyday use and they are very cheap
they do not offer local encryption of your files. So you have to take
care about that yourself.
I personally don’t mind doing that, however, I can understand if
people would like to avoid fiddling around with encryption software.
Nevertheless, you should consider JustCloud
as a primary on my backup and cloud storage service for the majority of
your files and then combining it with another secure cloud storage
service for files that are highly sensitive.
You can read my JustCloud review here.
The disadvantage of secure cloud storage providers is that they are generally more expensive
than normal cloud storage services that only encrypt the connection
between your computer and their servers. So you have to be willing to
put in an extra coin if you like total privacy and anonymity.
Cloud storage services with local encryption
SpiderOak file sync and cloud storage
Visit SpiderOak to get started for free
When comes to secure cloud storage online SpiderOak
is certainly a company worth looking at: they were among the first to
put privacy and security first. The good thing is that you can get 2 GB
of free. So if you have just a couple of important files that you want
securely encrypted in the cloud that free version might be enough for
you. If you need more space you can upgrade for $10 per month for 100 GB.
SpiderOak not only offers cloud storage, they also have a
full-fledged online backup and file synchronization service included.
That means you can program your computer backups automatically according
to your schedule. Also file sharing and synchronization allows you to
access your files from anywhere in the world on multiple devices. You
can securely share folders or files with friends, family and colleagues.
Of course, that many features come with a downside: not every part of
the software seems to be well thought through in comparison to other
cloud storage services. Yet when it comes to security SpiderOak offers a
so-called zero knowledge privacy which means that SpiderOak encrypts
your files locally with your personal encryption key of your choosing
which does not get transferred to SpiderOak.
On the other hand, that means you cannot restore your files if you
lose that personal encryption key. Your files are fully encrypted and
even if somebody from the NSA would like to spy on your files they
wouldn’t be able to see the contents of your files.
SpiderOak offers a combination of a 2084 bit RSA and a 256 bit AES
encryption method to keep your file secure. Let’s look at what SpiderOak
says with regards to their encryption method:
Most importantly, however, the outer level keys are
never stored plaintext on the SpiderOak server. They are encrypted with
256 bit AES, using a key created by the key derivation/strengthening
algorithm PBKDF2 (using sha256), with 16384 rounds, and 32 bytes of
random data (“salt”). This approach prevents brute force and
pre-computation or database attacks against the key. This means that a
user who knows her password, can generate the outer level encryption key
using PBKDF2 and the salt, then decipher the outer level keys, and be
on the way to decrypting her data. Without knowledge of the password,
however, the data is quite unreadable.
Final note on SpiderOak
If you need or want to take your file encryption and security
seriously you should certainly have a look at SpiderOak. The major
advantage is that he contested for free and get 2 GB for life. You will
have access to all the features and benefits. Please tell your opinion
on SpiderOak and if you’re using it already would love to hear your
thoughts!
Mega.co.nz
MEGA - 50 GB of free encrypted cloud storage
We talked about Mega.co.nz in the past here at
CloudStorageReviews.org when we compared it to other cloud file
synchronization services like JustCloud and sugar sync. Mega.co.nz is
certainly an interesting alternative because it provides users with 50 GB of storage space. There are Pro accounts available starting from €9.99/month or €99.99 per year for 500 GB
if you need more space you can also opt for a 4 TB version. Now, what
makes Mega are unique is that there is actually no desktop version
available. You have to use it in the browser which can be an advantage
but also a disadvantage. It makes it easy to use and OS compatible yet
some would like to fine-tune it in a software client environment.
In terms of encryption Mega promises to be one of the most secure
alternatives on the cloud storage market. Your data is encrypted before
it is sent over the Internet to Mega’s servers and then decrypted when
you download them. As with all highly secure cloud storage services that
all depends on your security key. If you lose that you will not be able
to access/restore your files.
Let’s see what mega has to offer in terms of encryption:
For bulk transfers, AES-128 (we believe that the
higher CPU utilization of AES-192 and AES-256 outweighs the theoretical
security benefit, at least until the advent of quantum computers).
Post-download integrity checking is done through a chunked variation of
CCM, which is less efficient than OCB, but not encumbered by patents.
For establishing shared secrets between users and dropping files into
your inbox, RSA-2048 (the key length was chosen as middle grounds
between “too insecure” and “too slow”). All encryption, decryption and
key generation is implemented in JavaScript, which limits throughput to a
few MB/s and causes significant CPU load. We are looking forward to the
implementation of the proposed HTML5 WebCrypto API in all major
browsers, which will eliminate this bottleneck.
JavaScript’s built-in random number generator is enhanced through a
mouse/keyboard timing-driven RC4 entropy pool as well as crypto.*
randomness where available (Chrome only at the moment).
Final words about MEGA
So what’s the deal with mega? I think Megan is very useful if you
have a couple of files the data you need to store online and only will
access them via a browser. 50 GB of free is a nice touch, however, that
is nothing that impresses me. Also, what is very interesting is that
Mecca is very speedy offering one of the highest upload and download
speeds available today.
Given the history of mega osprey and father Kit.com I’m still a
little reluctant to use that particular service. Even though he has
resigned as a CEO. As we can see, there have already been found several
vulnerabilities, so no service is actually perfect as promised.
It’s going to be interesting what else made it has to offer in
future. Megan wants to be a platform for other services like video
sharing and streaming and photo storage. Let’s see what the future
brings.
Wuala
Wuala Cloud Storage
Wuala works similar to SpiderOak, however they offer more flexible
storage plans starting from $4 per month for 20 GB to $12 per month for
100 GB. So they are a bit more expensive than SpiderOak yet you can
choose less storage if you need to.
Like SpiderOak, you have to create your own security password with Wuala to access your files and even get features like file versioning and file synchronization.
You can also share files with the Wuala, yet those files can only be
protected with a password so they are not encrypted when you share them
with friends and family.
Their security and encryption process is similar to SpiderOak because they use an AES 256 encryption for transfers and an RSA 2048 that will be plenty for your files.
Final words on Wuala
My first impression of Wuala is quite positive. You can do all the
things that you need when you think about a more secure cloud storage
than, say, Dropbox. Even accessing your files from a mobile phone can be
done with Wuala.
I need to test it a little more to come to a full conclusion, yet it
seems like a worthy competitor to other cloud storage services that
offer the same level of security.
Doing it all on your own
Of course, you shouldn’t rule out the possibility to do all your
cloud storage needs and encryption yourself. That way you can ensure
that you are in full control of what happens to your data. Most of the
time, this can’t be done with just a click of the button. So you need
have little more patience. I think, however, that thinking about doing
it yourself is a good alternative.
Using ownCloud for your cloud storage needs
ownCloud Cloud Storage - Your Private Cloud
If you want to know which are the best and most secure cloud storage services you should have a look at our regularly updated top 10 list of best cloud storage services.
However, if you really want to do it on your own you should highly
consider purchasing a network attached storage ([dic]NAS[/dic]) device
and use it in combination with ownCloud.
If you use a network attached storage you have all the control you
need for your sensitive files. I personally use a NAS from Synology with
two 3 TB hard drives in it. Then I can install ownCloud from the
packages menu and set up my own dropbox. Now, I could even go further
and encrypt those files with Boxcryptor or Truecrypt.
Install OwnCloud on Synology NAS
I’m still working on a full tutorial on how to do that.
Should you use cloud storage?
I think if you don’t use cloud storage you’re missing out on some
major features that will ease your life on a personal as well as on a
business level. Cloud storage services give you access to all your files
wherever you are. If you are very security concerned you should
certainly keep the advice in this article in mind and use only secure
cloud file storage services for your most sensitive information.
If budget is your concern you should certainly have a look at
JustCloud, that I recommend to my friends and family for all the rough
online backup and cloud storage needs. You can sign up for free here.
0 comments