Logistics

[asim18]

We know because they are audited and certified to known security standards. Google for instance is certified to ISO27001 and SSAE16/ISAE3402 SOC2-II standards. Good enough for banks is good enough for me, and loss or unauthorised access to my data is somewhat astronomically less likely than someone nicking or tripping over my NAS box!

I can tell you have never been present after an audit is announced.

And good enough for banks? Don't you remember those low-tech gangsters from east london who managed to infiltrate a major bank's data with nothing but a USB stick?

Also, you may have forgotten how the NSA/GCHQ initially infiltrated Google? It was accomplished internally by tapping internal data links. That's the reason they encrypt internal data transmissoin these days but it's still not safe with firms moving on to quantum cryptography in light of all the big data corporations using more encryption.

 

[CGrieves]

I can tell you have never been present after an audit is announced.

And good enough for banks? Don't you remember those low-tech gangsters from east london who managed to infiltrate a major bank's data with nothing but a USB stick?

Also, you may have forgotten how the NSA/GCHQ initially infiltrated Google? It was accomplished internally by tapping internal data links. That's the reason they encrypt internal data transmissoin these days but it's still not safe with firms moving on to quantum cryptography in light of all the big data corporations using more encryption.

I'm studying for CISSP, I find USB attacks and social engineering the most fascinating aspects of security.

But my point was really- my money's still in my bank account, so for me if we're just talking about the availability of a commodity (my money) the measures the banks have taken really are "good enough".

If I was storing trade secrets I'd be a little more proactive in assessing the risks. But these are my photos. They're still there on my Google Drive, I'm certain enough that they'll still be there tomorrow, and if the worst happens I have three other copies. As a service that I want to pay for, consume and not worry about, their security measures tick enough boxes to assure me that they are serious about it. If there's one thing CISSP teaches you, it's that there is no perfectly secure system when there are humans involved, there is only "good enough". If the NSA or Google infiltrate and peek at my pics of my cats, I hope they enjoy them

A mate of mine was burgled a couple of years ago- lots of insured stuff nicked, including a Drobo NAS. Luckily he had a SafeSync backup of all his important data (I say lucky- SafeSync was a nightmare). It was enough to prompt me to get the stuff that's important to me in the cloud. Everyone else's risk assessment may vary!

 

[ElDude]

I store mine in a simple way. Raw files on backup drive and C: in Lightroom backup. A backup on external drive. The photos I don't hate are on Flickr, processed, but are also backup up twice too. I also keep the most recent photos encrypted, zipped and on drop box.