I was discussing with some of my friends today on cloud security. The friend who initiated the topic, discussed about Dropbox security how the unencrypted files might be vulnerable for unauthorized access by drop box employees etc., There were discussions about encryption tools like boxcryptor , datalocker, axcrypt and other secure cloud providers like spideroak etc., His concern was not to trust these cloud providers. My friend was really paranoid with all these security issues. He said he makes sure everything is secured and encrypted etc., So, i asked him is he sure about it. He said yes. I asked him few questions.
1. Do you transfer documents as attachments on gmail ?
Answer : Yes
2. Do you encrypt them ?
Answer : No
3. Do you use flickr, picassa and other photo sharing tools ?
Answer: Yes
4. Do you use social networking sites like facebook, google+ , twitter etc.,?
Answer: Yes
So, i asked him how he is sure that all his data is safe when the data in any of the services mentioned above can be accessed by the employees of that respective company ? Am not saying employees of these firm would check these files. When talking about security , you have to consider all the possible aspects. After all "Any Security is as strong as its weakest point".
Ok, Don't get me wrong. Am not trying to offend my friend here or trying to make him more paranoid or trying to say that the data in gmail , flickr would be seen by its employees. Even though theoretically its possible , they have standard security process to follow. My only point is , when we go online we have our data out in the cloud. It is not just about the Dropbox, skydrive, box, icloud . Even before these things existed , we started to put our data in the cloud.
So, whats the point ?
Ok, let me get to it. Just BoxCryptor, truecrypt or any encryption tool might not help or in the same sense only your anti virus/ anti spyware can not alone protect you.
Cloud is inevitable in this generation. So , when thinking of security , it is all common sense and that should be applied in everything. Eg., You keep all the files secured and send a mail to yourself the password so that you don't forget it. This is a real life example and i have seen people doing it. or people would use all the good encryption tool but keep the password as "test123" or "password" or their name. Hope you are getting the point.
Any Security is as strong as its Weakest point. It is not only for cloud storage.