Re-examining the Security of Personal Cloud Apps

Although security in the cloud is most frequently discussed in terms of business and enterprise settings, the protection of personal files is increasingly a concern for end users as well. We saw this after the infamous Sony and iCloud hacks last year, when more people (even celebrities) realized how easily their files could be compromised if they are not sufficiently protected.

Given the increased usage of cloud-based apps among individuals, the issue of security becomes more important and, correspondingly, a dominant focus among cloud app providers.

The growth of the consumer cloud

The consumer cloud market is growing at a rapid pace, and this constantly introduces new players to the game. According to a freshly released report by Research and Markets, consumer cloud is expected to grow from $12.02 billion this year to $80.02 billion by 2020. As noted by the analysts, such a growth rate is partly influenced by the fact that more small and medium-sized companies decide to provide access to personal cloud services for their employees in order to cut IT costs and boost productivity.

While users increasingly rely on cloud storage apps in their daily and professional lives, the security of their data and cloud security as a whole becomes more important. Unlike several years ago, users now have a greater variety of secure solutions at their disposal and this is still a major selling point for a large number of providers aiming to compete with Dropbox and Box.

However, no app is secure enough as long as the users themselves are unaware of security best practices.

Most providers offer two-factor authentication, yet not many people use it.

Almost all the major cloud storage providers today deploy advanced features in order to provide the necessary level of security for the end users. However, breaches are still happening, mainly due to people’s own neglect.

Probably the greatest example of a personal cloud breach is the above-mentioned iCloud hack, which raised questions about the ways people use cloud sharing and collaboration applications. When celebrity accounts were hacked using the most common username-password combinations, the extent to which people are reluctant to secure their files became evident.

In the aftermath of the breach, iCloud enhanced its security features and tried to encourage a wider use of two-factor authentication systems. Similarly, other cloud giants such as Dropbox and Google offer some sort of two-step verification to ensure secure logging in. Facebook has also introduced different forms of login approvals, which practically made this form of security mainstream.

This is particularly important in an age when most people use at least two devices on a regular basis. Two-factor authentication can dramatically increase the security of online accounts, and this is why it should be more widely used. In this post, Mario Aguilar gives step-by-step instructions for enabling two-step verification across all your accounts, from Apple to Slack.

The use of weak passwords is still a dominant problem.

As shown in last year’s industry reports, online consumers are still most likely to use the same username-password combinations for logging in to multiple accounts. Among the winning password solutions are those that contain blatantly obvious sets of numbers, as well as dictionary words or phrases. For 2014, the winners were “123456,” “password,” and “12345,” according to this year’s SplashData report.

Furthermore, recent research on Ashley Madison passwords also shows that these habits haven’t changed. The report lists the following passwords along with the number of users:

PASSWORD     NUMBER OF USERS
123456       120511
12345        48452
password     39448
DEFAULT      34275
123456789    26620
qwerty       20778
12345678     14172
abc123       10869
pussy        10683
1234567      9468

Additionally, the guys from WP Engine made a whole case study on the profiles of the people who use these passwords. Unfortunately, these profiles are too common, which makes the use of weak passwords one of the most serious problems in cyberspace overall. For cloud apps, especially those that do not provide two-factor authentication options, the first step towards security is the use of rock-solid passwords.
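A check a provider could run when a password is chosen, as an added example (not code from the article or from any provider): it rejects the passwords in the table above, including lightly decorated variants, and obvious digit sequences. The function names, the normalization rules and the minimum length of 8 are assumptions.

```javascript
// Added example: deny-list screening when a password is chosen.
// DENY_LIST is the top-10 table from the article, lower-cased; the function
// names, normalization rules and MIN_LENGTH are assumptions of this example.
const DENY_LIST = new Set([
  "123456", "12345", "password", "default", "123456789",
  "qwerty", "12345678", "abc123", "pussy", "1234567",
]);
const MIN_LENGTH = 8;
const LEET = { 0: "o", 1: "l", 3: "e", 4: "a", 5: "s", 7: "t", "@": "a", $: "s", "!": "i" };

// Undo common character substitutions: "p@ssw0rd" -> "password".
function deleet(s) {
  return s.replace(/[013457@$!]/g, (ch) => LEET[ch]);
}

// Forms to test: as typed (lower-cased), without a trailing run of
// digits/symbols ("qwerty2015!" -> "qwerty"), and both with substitutions undone.
function candidateForms(password) {
  const base = password.normalize("NFKC").trim().toLowerCase();
  const stripped = base.replace(/[\d\W_]+$/, "");
  return [base, stripped, deleet(base), deleet(stripped)].filter((f) => f.length > 0);
}

// Digit-only strings that count up, count down or repeat: "0987654321", "111111".
function isDigitRun(s) {
  if (!/^\d{4,}$/.test(s)) return false;
  const step = (Number(s[1]) - Number(s[0]) + 10) % 10;
  if (![0, 1, 9].includes(step)) return false;
  for (let i = 2; i < s.length; i++) {
    if ((Number(s[i]) - Number(s[i - 1]) + 10) % 10 !== step) return false;
  }
  return true;
}

// Returns { ok, rule }; rule names the check that rejected the password.
function screenPassword(password) {
  const forms = candidateForms(password);
  if (forms.some((f) => DENY_LIST.has(f))) return { ok: false, rule: "deny-list" };
  if (forms.some(isDigitRun)) return { ok: false, rule: "digit-run" };
  if (password.length < MIN_LENGTH) return { ok: false, rule: "too-short" };
  return { ok: true, rule: null };
}

// Constructed sample inputs.
for (const pw of ["123456", "P@ssw0rd123", "Qwerty2015!", "0987654321", "correct horse battery staple"]) {
  console.log(JSON.stringify(pw), screenPassword(pw));
}
```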

Client-side encrypted solutions should be a preferred choice.

In addition to secure passwords and two-factor authentication, client-side encryption is another effective way to minimize the risk of a cloud data breach. This means that the system encrypts credentials and data on a user’s device, thus leaving virtually no option for attackers to hack into their accounts.

Examples of such services include pCloud.com, Boxcryptor.com and SpiderOak.com. Take pCloud as an example here, as it’s probably the most interesting competitor to the cloud giants. With its pCloud Crypto, the app provides an advanced level of protection for sensitive files by encrypting them both in transit and at rest.

The data lies encrypted on a remote server and nobody can read it without access to the encryption key, which is stored on the user’s device. Such solutions are particularly convenient for businesspeople, who increasingly use personal mobile devices to store both personal and company files.
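The model described above, as an added Node.js example (not code from pCloud, Boxcryptor or SpiderOak): the file is encrypted on the device, the provider stores only ciphertext, and decryption fails for a wrong key or an altered blob. AES-256-GCM, scrypt, the function names and the in-memory `server` map standing in for the provider are assumptions of this example.

```javascript
// Added example: client-side encryption before upload, using Node's built-in
// crypto module. AES-256-GCM, scrypt and all names here are this example's choices.
const crypto = require("crypto");

// Device side: derive the key from a passphrase. Key and passphrase stay local;
// the salt is not secret and can be stored with the account.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32); // 256-bit key
}

function encryptForUpload(key, fileName, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every file
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(fileName, "utf8")); // bind the ciphertext to its name
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { fileName, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the blob was modified after encryption.
function decryptAfterDownload(key, blob) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, blob.iv);
  decipher.setAAD(Buffer.from(blob.fileName, "utf8"));
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]);
}

function tryDecrypt(key, blob) {
  try {
    return decryptAfterDownload(key, blob).toString("utf8");
  } catch {
    return null; // authentication failed: nothing is released
  }
}

// Hypothetical stand-in for the provider: it stores exactly what it receives.
const server = new Map();
const upload = (blob) => server.set(blob.fileName, blob);
const download = (fileName) => server.get(fileName);

// Constructed sample: what the provider holds vs. what each key can read.
const salt = crypto.randomBytes(16);
const key = deriveKey("correct horse battery staple", salt);
upload(encryptForUpload(key, "notes.txt", Buffer.from("constructed sample file contents")));
const stored = download("notes.txt");
console.log("provider sees:", stored.ciphertext.toString("hex"));
console.log("right key:", tryDecrypt(key, stored));
console.log("wrong key:", tryDecrypt(deriveKey("123456", salt), stored));
```

Because the key here is derived from a passphrase, a passphrase from the common-password table would undo the protection. The provider never holding the key also means it cannot recover the files if the key is lost.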

Clearly, both the availability and the use of secure cloud solutions have greatly increased over the last few years. People use multiple storage applications, but their files are still at risk when accessed via insecure networks and using weak credentials. Now that more cloud providers are toughening their security features, we might expect a greater effort on educating people on both security threats and data protection best practices in the cloud.

Top/Featured Image: By Perspecsys Photos / Flickr

COMMENTS

  • Charles SPEICHER jr 1 year

    In order to begin to address the complex issues associated with cloud security, one must start with a simple concept. Security must be at both ends of the wire to secure the exchange of data. The NIST IR 7628/7629 is a good document to start with in order to establish security standards as a real engineering discipline, which experts agree should be designed-in security from the beginning. That said, agile development is one methodology that is necessary but rarely used in the process of commercial development of products and/or systems today. In short why I created a “community of practice” dedicated to this complex subject of end to end security called the “Security Fabric Alliance”, an informal consortium active since 2010 on a reference architecture that can teach people what they need to know for all that participate in order to become change agents in our quest to secure all critical infrastructure that deliver the basic elements we all need to support the many lifestyles we take for granted around the globe. There is a rising tsunami of digital Armageddon if we continue to ignore the people that want to change the order of the world powers, and they don’t need an army any longer; cyber war has already started with intelligence gathering and it is just a matter of time before the first shot is fired by an enemy we may not even see in this theater of war!
    Founder Security Fabric Alliance
    Charles “Chuck” Speicher jr

by Sarah Green