How to Keep Anyone From Snooping Around Your Cloud
By Evidence Solutions, Inc.
Computer Technology and Digital Forensic Firm
Computer Technology and Digital Forensic Firm
In recent years government has increased its requests for access to Cloud data. Storage-As-A-Service providers such as Google Drive, Dropbox, iDrive, Microsoft Skydrive, Apple iCloud and others are receiving numerous requests to view what has been stored by various individuals and companies. In addition to the government, there are instances of the storage company’s employees exposing or taking data for their own or others use.
Data breaches have been experienced by companies such as DropBox and iCloud which has exposed data. This happens when storage company employees seize the opportunity to make a quick buck selling everything from company data to personal credit card information which has been stored in the Cloud.
The American Civil Liberties Union reported the U.S. Government claims the right to read personal online data without warrants. This trend is not unique to the U.S. Government. Many governments around the world make requests of these service providers as well.
According to statistics published by Google, it received over 16,000 requests for information affecting over 31,000 users in 2012. Google’s same statistics stated they provided information in over 85% of the requests.
In 2012 Microsoft received over 70,000 requests affecting over 120,000 accounts. While this is a much higher number, Microsoft only produced information on these requests about 2% of the time. Almost 80% of the requests asked Microsoft to divulged subscriber and transactional information only.
Locking the thieves out:
Companies and individuals can take easy steps to prevent thieves, companies and the government from gaining access to online storage which contains private information.
Here are a few basic ways of protecting or encrypting the data to keep prying eyes from viewing confidential and/or personal information:
1) The data can be encrypted before it is stored in the Cloud. Products like TrueCrypt, Privacy Drive and MyInfoSafe allow for the user to encrypt their data. This type of encryption can be done for files as well as folders prior to storing it in the Cloud.
2) Use an “On The Fly” encryption product which encrypts data as it is stored by almost any online storage provider. Products like BoxCryptor, Cloudfogger, SafeMonk, and Viivo integrate with the Cloud Storage provider(s) of your choice encrypting data locally, but seamlessly before it is stored in the Cloud. These services provide encryption completely separate from the storage provider, ensuring even the storage provider employees can’t access data stored in their company’s Cloud.
3) Choose a provider that encrypts the data as part of their service. Storage-As-A-Service companies like SpiderOak, iDrive and Comodo not only transfer your data via an encrypted protocol, these companies also store the data in an encrypted format preventing those who don’t have an access key from easily viewing your data. It is unknown if there is a back door they are able to use to access data stored on their servers.
Businesses are acutely sensitive to government information requests due to their legal responsibilities under privacy laws, such as HIPAA and the Gramm-Leach-Bliley Act. Therefore, in highly regulated industries, such as financial services and healthcare, businesses must strike a balance between government oversight and consumer privacy.
The U.S. Electronic Communications Privacy Act of 1986 was enacted in the early days of the Internet. The act did not require government investigators to obtain a search warrant for requesting access to emails and messages stored in online repositories. In 2001, the PATRIOT Act further added to the authority of the federal government to search records under its "Library Records" provision, offering a wide range of personal material into which it could delve.
We are not suggesting people should try to skirt around the PATRIOT Act. But companies and individuals should do their best to comply with data privacy issues. It should be up to the organization or individual to establish a policy regarding exactly what, when and to whom they disclose information from their Cloud service provider..
By Scott Greene
ABOUT THE AUTHOR: Scott Greene of Evidence Solutions, Inc.
For over 30 years, Scott Greene has been helping companies meet the challenges of the swiftly evolving computer technology industry.
Directly from high school, Scott went to work for IBM. Scott studied Systems Engineering at the University of Arizona. He has since earned certifications in many products and programming languages.
The Evidence Solutions team analyzes data from Computers, Cell Phones, Black Boxes, Dispatch Systems, Medical Records, Email systems and more. Scott then explains the digital evidence in plain English.
Scott’s extensive knowledge draws clients to him from all over the United States as well as Internationally for consulting, Forensics and expert witness services. His extensive and diverse experience allows him to be an expert in many facets of digital and electronic evidence. Scott, a sought after speaker and educator, travels throughout the country sharing his knowledge and presenting to local, regional, national and International organizations.
Copyright Evidence Solutions, Inc.
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.For specific technical or legal advice on the information provided and related topics, please contact the author.