How safe is cloud storage?

Orionaut · 14 Mar 2019 at 14:38

EG Google drive, Onedrive etc.

Consider this story.

https://www.dailymail.co.uk/news/ar...00&jumpTo=comment-405580473#comment-405580473

Does cloud storage have a means of protecting data from hacks like this, Or is it just as vulnerable as any ordinary HDD?

Diddums · 14 Mar 2019 at 14:43

J.B · 14 Mar 2019 at 15:00

You've got more risk of someone password stuffing and getting access to your cloud storage. Ransomware is not such a threat for cloud storage.

Turn on 2FA and use unique passwords and your clouds will remain fluffy and white.

krooton · 14 Mar 2019 at 15:07

Cloud is for things you don't want to lose, but aren't that fussed if someone else gets ahold of.

So general pics = yay, nudie pics and text files with all your PINs in them = nay.

Pho · 14 Mar 2019 at 16:09

If you're really paranoid about storing sensitive data just do client-side encryption, e.g., with CloudDrive (it supports Google, DropBox etc) which does it for you automatically. Basically your device encrypts the data before sending it to the cloud, and decrypts it after downloading it from the cloud to view it. If your storage account gets compromised they can't decrypt the data.

If someone gets into your account and wipe all your data then most cloud providers have file rollback for ~x number of days so you can revert it once you get access back to your account.

ci_newman · 14 Mar 2019 at 16:13

Why doesn't that school have a back-up system?

Nemiyen · 14 Mar 2019 at 18:47

That school may have had disk based backups and lost those to encyption as well. Although they should do disk to tape or something like that at least once a week so the loss is negligible.

Cloud based systems are 100 percent possible to be hit by this as well in my opinion. Most cloud storage is connected by San I would think and if there's ever a hypervisor vulnerability (as there has been in the past) then in theory my virtual server gets the virus, passes it to your virtual server which then passes it to the host and encrypts the storage from the host. That then replicates across to other hosts and filters through the virtual machines and ..... Skynet is born!

I agree with the above. Cloud is good for anything you don't want someone else to get hold of!

Nasher · 14 Mar 2019 at 19:02

Not safe, unless you have control of both ends. A hacker isn't just a geek behind a keyboard, there are other methods to steal data. Social engineering in some form is the biggest one.

A business, school, whatever should be doing off-site backups properly. A physical backup device and media which they control. Not stuff it all in googledrive.

Problem is a lot of places will spend millions on a network, but don't want to pay a decent wage for experienced IT staff who know what they are doing. Which is probably what happened at this school.

h4rm0ny · 14 Mar 2019 at 19:47

Pho said:
If you're really paranoid about storing sensitive data just do client-side encryption, e.g., with CloudDrive (it supports Google, DropBox etc) which does it for you automatically. Basically your device encrypts the data before sending it to the cloud, and decrypts it after downloading it from the cloud to view it. If your storage account gets compromised they can't decrypt the data.

If someone gets into your account and wipe all your data then most cloud providers have file rollback for ~x number of days so you can revert it once you get access back to your account.

I was going to post similar but recommend https://www.boxcryptor.com/en/ . I use this and it's very good.

Semple · 14 Mar 2019 at 20:08

Orionaut said:
EG Google drive, Onedrive etc.

Consider this story.

https://www.dailymail.co.uk/news/ar...00&jumpTo=comment-405580473#comment-405580473

Does cloud storage have a means of protecting data from hacks like this, Or is it just as vulnerable as any ordinary HDD?

In this case, yes it would. The ransomware virus wouldn't be able to jump from the schools network to whoevers hosting the cloud storage.

Unfortunately this is typical of a school when you employ a bunch of amateurs to manage their IT equipment. But in a way is expected, a schools hardly going to be paying a typical salary for a specialist.

iamtheoneneo · 14 Mar 2019 at 20:13

ci_newman said:
Why doesn't that school have a back-up system?

More like why is the school using a US based system that doesn't comply with current EU data protection rules.

You are not the data controller here, there's no log retrieval, nothing, the IT staff would be instantly fired at any sensible company.

Semple · 14 Mar 2019 at 20:17

Nasher said:
Not safe, unless you have control of both ends. A hacker isn't just a geek behind a keyboard, there are other methods to steal data. One is for someone to actually get a job at the place and access it from the inside.

That's very hard these days. For a company who's business is storing data, security on premises will be just as strong as it would be online. You'll probably find that only a small number of people have access to the data centre, and cabinets require a key, and things like USB ports will be disabled.

touch · 14 Mar 2019 at 20:20

iamtheoneneo said:
More like why is the school using a US based system that doesn't comply with current EU data protection rules.

The school isn't using a US based system.
US based cloud systems can comply with EU data protection rules.
The data lost probably didn't contain personal information covered by data protection rules anyway.

iamtheoneneo · 14 Mar 2019 at 20:24

touch said:
The school isn't using a US based system.
US based cloud systems can comply with EU data protection rules.
The data lost probably didn't contain personal information covered by data protection rules anyway.

Ah fair enough

In my day teachers would get drunk and lose entire classes worth of coursework. Simpler times....

Semple · 14 Mar 2019 at 20:36

I find it hard to believe that none of the students had their own copies of the work that they could have resubmitted.

Nasher · 14 Mar 2019 at 21:56

Semple said:
That's very hard these days. For a company who's business is storing data, security on premises will be just as strong as it would be online. You'll probably find that only a small number of people have access to the data centre, and cabinets require a key, and things like USB ports will be disabled.

But you still don't know who they are or if you can trust them with your data.

I know a guy who was part of government penetration testing team, his favorite tactic was to get a job as a cleaner or other low level staff, or simply blag his way in (it's surprising how many people will simply hold the door open for a guy in a suit or hi-vis). Then start planting keyloggers and wifi devices to harvest passwords. They didn't even know he was in until he revealed himself. Didn't need any keys or special passes, just a login for their network and made his way from there. From outside the building.

mysticsniper · 14 Mar 2019 at 22:12

I like pCloud, they offer encryption in transit and at rest, although you have to pay for it. https://www.pcloud.com/

They are doing a deal at the moment, lifetime membership for £115

Sankari · 14 Mar 2019 at 22:13

Orionaut said:
How safe is cloud storage?

It's not that great for storing water, if rain is any indication.

Energize · 16 Mar 2019 at 17:11

Only an idiot stores everything in one location with no backup.

The IT manager should be sacked.

BowdonUK · 16 Mar 2019 at 17:38

If he had backups on a NAS connected to the network can they be encrypted with the ransomware?

I agree the IT manager should be sacked, and why is the system allowing attachments to be received from outside the network?