Although the idea of security in the cloud is most frequently discussed in terms of business/enterprise settings, the protection of personal files increasingly becomes a concern for end-users, as well. We saw this after the infamous Sony and iCloud hacks last year, when more people (even celebrities) realized how easily their files could be compromised if they are not sufficiently protected.
Given the increased usage of cloud-based apps among individuals, the issue of security becomes more important and, correspondingly, a dominant focus among cloud app providers.
The growth of the consumer cloud
The consumer cloud market grows at a rapid pace and this constantly introduces new players to the game. According to a freshly released report by Research and Markets, consumer cloud is expected to grow from $ 12.02 Billion this year to $80.02 Billion by 2020. As noted by the analysts, such a growth rate is partly influenced by the fact more small and medium sized companies decide to provide access to personal cloud services for their employees in order to cut IT costs and boost productivity.
While users increasingly rely on cloud storage apps in their daily and professional lives, the security of their data and cloud security as a whole becomes more important. Unlike several years ago, users now have a greater variety of secure solutions at their disposal and this is still a major selling point for a large number of providers aiming to compete with Dropbox and Box.
However, no app is secure enough as long as the users themselves are unaware of security best practices.
Most providers offer two-factor authentication, yet not many people use it.
Almost all the major cloud storage providers today deploy advanced features in order to provide the necessary level of security for the end users. However, breaches are still happening, mainly due to people’s own neglect.
Probably the greatest example of a personal cloud breach is the above mentioned iCloud hack that raised questions about the ways people use cloud sharing and collaboration applications. When celebrity accounts were hacked using the most common username-password combinations, the extent to which people are reluctant to secure their files became evident.
In the aftermath of the breach, iCloud enhanced its security features and tried to encourage a wider use of two-factor authentication systems. Similarly, other cloud giants such as Dropbox and Google offer some sort of two-step verification to ensure secure logging in. Facebook has also introduced different forms of login approvals, which practically made this form of security mainstream.
This is particularly important in the age when the largest number of people uses at least two devices on a regular basis. Two-factor authentication can dramatically increase the security of online accounts and this is why it should be more widely used. In this post, Mario Aguilar gives step-by-step instructions for enabling two-step verifications across all your accounts from Apple to Slack.
The use of weak passwords is still a dominant problem.
As shown in the last year’s industry reports, online consumers are still most likely to use the same username-password combinations for logging in to multiple accounts. Among the winning password solutions are those that contain blatantly obvious sets of numbers, as well as dictionary words or phrases. For 2014, the winners were “123456,” “password,” and “12345,” according to this year’s SplashData report.
Furthermore, recent research on Ashley Madison passwords also shows that these habits haven’t changed. The report lists the following passwords along with the number of users:
|PASSWORD||NUMBER OF USERS|
Additionally, the guys from WP Engine made a whole case study on the profiles of the people who use these passwords. Unfortunately, these profiles are too common, which makes the use of weak passwords one of the most serious problems in the overall cyberspace. For cloud apps, especially those that do not provide two-factor authentication options, the first step towards security is the use or rock-solid passwords.
Client-side encrypted solutions should be a preferred choice.
In addition to secure passwords and two-factor authentication, client-side encryption is another effective way to minimize the risks of cloud data breach. This means that the system encrypts credentials and data on a user’s device, thus leaving virtually no option for attackers to hack into their accounts.
Such examples include pCloud.com, Boxcryptor.com and SpiderOak.com. Taking pCloud as an example here, as it’s probably the most interesting competitor to cloud giants. With its pCloud Crypto, the app provides an advanced level of protection for sensitive files by encrypting them both in transit and at rest.
The data lies encrypted on a remote server and nobody can read it without the access to the encryption key, which is stored on a user’s device. Such solutions are particularly convenient for businesspeople, who increasingly use personal mobile devices to store both personal and company files.
Clearly, both the availability and the use of secure cloud solutions have greatly increased over the last few years. People use multiple storage applications, but their files are still at risk when accessed via insecure networks and using weak credentials. Now that more cloud providers are toughening their security features, we might expect a greater effort on educating people on both security threats and data protection best practices in the cloud.
Top/Featured Image: By Perspecsys Photos / Flickr