Encryption Is a Must for All Sensitive Data

By Wayne Rash  |  Posted 2012-08-03

Since it's unlikely that you can depend on your public cloud provider to provide really good security any time soon, you need to take matters into your own hands. Here are a few things you can do:

  • If possible, make sure your user name and password are unique to the service. If you must use your e-mail address for a user name, then use one not used elsewhere, even if you have to create one.
  • Don't share your login information.
  • Don't ever, under any circumstances, put documents or records subject to compliance requirements into a public cloud service. Not ever.
  • Encrypt any files you put into a public cloud service before you upload them. There are a number of ways to do this, including some open source automatic encryption packages.
  • If you're using a public cloud service, change your password. Now. Then do it again on a set schedule. This helps ensure that if you did reuse your password, a hacker won't have as much likelihood of getting to your data.
  • Don't make the public cloud service the only place where you store critical data. It's great as a place to keep presentations so you don't lose them, pictures of your pets and grandchildren so you can show them off and things like to-do lists. If the data contains information that needs protection, such as credit card or social security numbers, encrypt it or don't store it there.
  • Keep tabs on your account: check it for unusual activity, unexpected changes to content, or other evidence that someone else may have been there. If you find that, either change your password immediately, or get your stuff out of the cloud, close your account and find another provider with better security.

The one thing missing from Dropbox's statement about its breach is more detail on what they're doing in terms of additional controls. Did they remove the employee from a position in which they had contact with customer data? Is there better management oversight? Is the company improving its training?

The sad truth is that there is no shortage of dumb things that users can do to compromise security. This has never been a secret and it isn't now. Dropbox should have anticipated this, and should have taken steps to make sure it wouldn't happen. Perhaps now the company will take those steps.

What it means to you is that before you store data that's even remotely important or sensitive, check the security policy and practices of the cloud service you're planning to use. Then encrypt everything anyway.

Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.
