Cloud storage: How secure are Dropbox OneDrive Google Drive and iCloud?
Cloud computing has been a dominant force within business IT for many years and has only grown stronger in 2020 due to the COVID-19 pandemic and the fact that the majority of employees are currently working outside of the traditional office. This has seen us become even more dependent on cloud-based services which now hold more of our data, be it personal or work, than ever before. As such, it is
critical for businesses that these platforms keep this data safe and secure - particularly as hacking and ransomware attacks are on the rise; an October report revealed that ransomware attacks in the UK increased by 80% during the pandemic as hackers take advantage of mass remote working. SEE MORE Your business deserves better than consumer cloud storage SEE MORE The state of cloud storage in five charts SEE MORE Tresorit Business review: Super-secure shared storage So which cloud services and platforms are best? We’ve compiled a list of the best leading providers and weighed up their security protocols to help you sort the secure from the unsecure. For a more general overview of the pros and cons of each, you can find that here. How secure is Google Drive?
Google Drive has become a go-to storage platform for businesses, partly due to how well it integrates with third-party apps and its seamless connection to other Google services. However, this has created a concern around how much access it has to other services and platforms should it be hacked into. Thankfully, Google has used HTTPS on all its services for years and also has a team dedicated to monitoring compromised account activity. On top of that, Google also uses ttwo-factor authentication and SSL encryption for data transferring to and from a device - it does, however, use the weaker 128-bit AES encryption for data at rest. History of Google Drive hacking Given that Google’s cloud services are so interwoven, a hack on one service tends to put the others at risk. In 2014 it was claimed that nearly five million Gmail accounts had been hacked when a database of user credentials was found on a security forum on a Russian website - although this turned out to be a dump of older phished passwords that had largely been reset by Google in the time since the theft. While Google Drive itself has never fallen victim to a major cyber security incident, a system administrator recently flagged a flaw in the cloud storage system which they claimed could be used by a hacker to trick users into downloading malware or ransomware. The flaw related to Google Drive’s “manage versions” feature, which lets you upload a new version of an already-uploaded file. How secure is Dropbox?
The second platform on our list enjoyed popularity among consumers as an easy-to-use file storage suite, although it has shifted towards the enterprise market in recent years. During that time, Dropbox has also improved its security protocols in response to growing threats online, including the encryption of data in transit using secure sockets layer (SSL), and at rest using AES-256 bit encryption. The platform also has stolen and lost device protection, allowing you to unlink devices from your account on the fly. Business users get some extra features, including the option to set permissions for file collaboration and enable password protection and expirations to any shared links. Dropbox employees are unable to view the content of your files, although the company does have the mechanism to access files if required to do so, such as during a legal investigation. Metadata is accessible by employees too, normally as part of tech support. History of Dropbox hacking Major Dropbox hacks have been few and far between, although those that occur proved to be particularly damaging for the company. The first happened in 2012 when a compromised password was used to access a Dropbox account owned by an employee. At the time, Dropbox said the hack provided an intruder with access to documents containing a handful of customer email addresses, which became the target of phishing attacks. This prompted Dropbox to add two-factor authentication to account logins. However, in 2016 it was revealed that the hack was much larger than previously thought, with a dumped database of 68 million passwords being leaked online that was said to stem from the initial 2012 breach. Dropbox said at the time that there were no indications that user accounts had been compromised following the incident. How secure is iCloud?
Apple has built up a reputation for excellent security. Although its iCloud platform had its reputation tarnished briefly when it fell victim to a high-profile hack in 2017, the service continues that trend by offering users a robust set of security features. “iCloud is built with industry-standard security technologies, employs strict policies to protect your information and is leading the industry by adopting privacy-preserving technologies like end-to-end encryption for your data,” Apple’s iCloud web page promises. Like Dropbox, iCloud uses SSL to encrypt data in transit, although it uses AES 128-bit encryption rather than the more secure 256-bit used by Dropbox. The only exception to this is in the iCloud keychain, used to store and transmit passwords and other sensitive user data, which uses 256-bit encryption. However, privacy has become a focus for the company in recent years, making a big deal out of the fact that encryption keys are created at the device level and that Apple can’t access these itself, or any of the data that you might need to decrypt them. Like many other platforms, iCloud provides security tokens for added authentication when accessing other apps through it, as well as two-factor authentication at login. History of iCloud hacking iCloud has actually maintained a solid track record when it comes to security, although one incident served to tarnish its reputation. In 2017, iCloud came under intense scrutiny after hackers breached around 50 accounts belonging to celebrities and leaked their contents online. Although the incident was actually the result of successful phishing attacks against a select group of celebrities, the integrity of Apple’s cloud platform was called into question. Even now, the 2017 iCloud hack remains one of the most famous data leaks in history. How secure is OneDrive?
The last entry on this list is Microsoft’s OneDrive, which has largely managed to remain out of the headlines when it comes to security incidents - although Microsoft’s other services, particularly Windows, are some of the most attacked platforms on the market. That doesn’t necessarily mean it’s more secure than the other platforms. It generally uses the same standards as others, including data encryption, only with OneDrive this is done by syncing your data to the BitLocker on your hard drive. This means that data is encrypted at rest using the BitLocker, while Microsoft Cloud handles encryption while in transit. An additional bonus of this system is that encryption is done on a per-file basis, meaning that if a key was compromised hackers would only be able to access that particular file. As you might expect, users also get two-factor authentication at login. History of OneDrive hacking Unlike the other platforms, OneDrive has never really been targeted by a major data breach, and most security concerns surrounding the platform usually stem from user error, such as accidentally sharing files with someone they shouldn’t have or using weak credentials. Microsoft has taken steps to remove as many of these issues as possible, and is one of a number of companies championing passwordless logins. Cloud storage security: A summary It’s a widely accepted fact that no cloud storage system will ever be 100% secure, especially given that upholding the integrity of every account is reliant on the user following best practices. The decision you have to make as a customer is deciding which storage platform does the most to avoid potential security incidents. The factors that influence this decision will vary depending on the nature of your business and whether you have specialist requirements, such as businesses in a heavily regulated industry. However, for most consumers and small businesses, each of the platforms listed here are generally good enough for protecting data, as each provides some form of data encryption at rest and in transit - which is perhaps the most important thing here. Data protection is also improving all the time, and each of these platforms are being updated with better safeguards each year, meaning you can typically rely on the company to do most of the legwork. However, if you’re unsure, you can always encrypt data yourself before you share it with an online platform. That way, even in the unlikely event that a company’s encryption keys are decrypted en-masse, only you will be able to access your files. Perhaps the most cost-effective way to ensure your data never gets leaked is to follow best practice security principles. Scrap all those reused passwords, invest in a password manager, and take advantage of two-factor authentication if you’re given the option.
Date: 2019-10-18
itpro.co.uk
AWS ditches Nvidia for in-house ‘Inferentia’ silicon (2020-11-13) | Amazon Web Services AWS will ditchNvidia chips responsible for the processing ofAlexa queries and will instead use itsown in-housesilicon the company confirmed on Friday The cloud giant willalso be shifting data processing for its cloud-based facial recognition system Rekognition over to these in-house chips according to Reuters SEE MORE Amazon opens up Alexa chatbot tools to developers SEE MORE A.. AWS ditches Nvidia for in-house ‘Inferentia’ silicon |
IBM: Hackers are targeting COVID-19 vaccine ‘cold chain’ (2020-12-03) | A global phishing campaign is targeting organisations working to ensurethe temperature-controlled storage and transportation of the COVID-19 vaccine otherwise known as the cold chain The phishing campaign which was uncovered by IBMsecurity researchers was reported to have begun in September 2020 Spanning across six countries it targeted organisations associated with Gavi The Vaccine Alliances Cold.. |
What is a Trojan? (2019-08-14) | What was once the name for a wooden horse that was used to sneak Greek soldiers inside the walls of Troyis now a term that puts IT professionals on edge A Trojan often referred to as a Trojan horseis a form of malware disguised as legitimate software that either causes damageto a users device or enables external access to it As theirnamesake suggests Trojans prefer toremain undetected on a usersma.. |
Samsung Galaxy S20 Ultra hands-on review gallery (2020-11-27) | Room to zoom? |
Google slashes free media storage to 15GB (2020-11-12) | Google will restrict the online cloud storage capacity for high-quality photos and videos to 15GB from next year as the firm looks to capitalise on the millions of users who have come to rely on the service From June 2021 new high-quality content uploaded to Google Photos will count towards a free 15GB storage capacity with the company making several pricing tiers available to those who need to st.. |
Ransomware remains the top cyber security risk for SMBs (2020-11-17) | Ransomware still poses the biggest malware threat to small and medium-sized businesses SMBs cloud cyber security providerDattohas found The findings are part of Dattos fifth annual Global State of the Channel Ransomware Report which surveyed more than 1000 MSPs on trends driving ransomware breaches as well as the impactCOVID-19has had on SMB security SEE MORE UK ransomware attacks surged 80% in la.. |
AWS is bringing Apple’s macOS to its cloud service (2020-12-01) | Amazon Web Services AWS has announced that Apples macOS operating system will be available on its cloud service for developers Amazon EC2 Mac instances for macOSand will run on Mac mini computers and will support developers building apps for the iPhone iPad Mac Apple Watch Apple TV and Safari SEE MORE AWS Re:Invent: AWS takes wraps off two new EC2 instances SEE MORE Apple unveils updated Mac lineu.. AWS is bringing Apple’s macOS to its cloud service |
BenQ PD2705Q review: Terrific value for everyone except print designers (2020-11-27) | Not every creative professional can afford to spend over 1000 on a monitor but BenQ reckons it has the answer in the PD2705Q: a hardware-calibrated display with the assurance that even screens from different production lines will output consistent colours Each monitor comes with its own calibration report and the promise of an average Delta E of under three plus certification from CalMAN and Panto.. |
How secure is Google Drive? (2020-11-20) | We look at how secure Googles popular cloud storage solution is as part of our wider cloud storage roundup |
Ticketmaster fined £1.25 million for 2018 data breach (2020-11-13) | The Information Commissioners Office ICO has fined Ticketmaster 125 million for failing to provide adequate protection for user data Ticketmaster violated the General Data Protection Regulation GDPR by failing to put in place adequate security measures to prevent a cyber attack on achatbot installed on its online payments page in 2018 SEE MORE ICO to relax GDPR enforcement during coronavirus econo.. |