The terms cloud storage or online storage denote storage space which can only be accessed over the Internet. There are many providers of such cloud storage facilities. But not all of them come off well as far as data protection and data security are concerned.
- choosing a suitable cloud provider
- ensuring you are able to securely authenticate yourself (two factor authentication, if possible)
- applying our «6 rules for a secure password»
- only ever transmitting your data in encrypted form
- only ever storing your data in encrypted form
- creating an additional local back-up of your data
The advantages of cloud storage
Since with cloud storage, data (documents, photos, films, passwords, etc.) are stored centrally at a data centre, you can access these from several devices (also at the same time). This makes sense to save on storage space. In addition, central storage of data enables you to access them from anywhere and via different Internet-enabled devices (computer, laptop, smartphone, etc.).
You can for instance look at pictures, share and edit them while you are travelling. In addition, several different people can work on a document without being in the same location. This saves time and complex planning and co-ordination.
The dangers of cloud storage
Next to all the advantages mentioned above, there are still dangers, though. After all, you do pass on your data to a third party!
Since many data on the Internet are systematically recorded and analysed by intelligence services, particular caution should be exercised with regard to the use of foreign cloud services, for instance those offered by Google, Microsoft, Dropbox etc.. Cloud providers in Switzerland which exclusively store your data inside Switzerland offer better data security. Although this does not offer complete protection against espionage, it makes it considerably more difficult for foreign intelligence services to access your data. Another advantage is that stricter data protection laws are in force in Switzerland than in many other countries, in particular non-European ones.
It is essential that you also follow our 5 steps for your security on any devices accessing cloud data. In addition, there are a few distinctive features in connection with cloud storage which require special attention.
Secure access (secure data transmission)
There are two different methods of accessing cloud data. You either call up a service directly from their website, log in and work inside the browser, or you use a program or app installed on your device providing you with access to your service.
The point of access is the vulnerability here. A weak password, or no password at all, throws the gates wide open to attackers. You should therefore urgently follow our «6 rules for a secure password».
In case your device is infected with malware, your data inside the cloud will also be unsafe and prone to attack. Access via unsecured networks - i.e. WLAN - also poses a risk.
If possible, use two factor authentication, similar to the method used with e-banking. Two factor authentication requires an additional one-off access code (e.g. via text message) in addition to your user name and password to access a service.
Use a service which transmits your data in encrypted form. Inside a browser, this is for instance the case if «https://» and a lock symbol are displayed at the beginning of the address line. If your data are not transmitted securely, they are visible to unauthorized parties! Further information can be found here.
Even if you use a cloud service via software or an app installed, it must be ensured that data are transmitted via an encrypted connection.
Access via smartphone or tablet is not quite without its problems either. Should your smartphone fall into the wrong hands because it is lost or stolen, your data will only be as safe as the extent to which access to your smartphone and your cloud service is also protected. Further information on this can be found here.
Secure data storage
When you store your data in the cloud, you entrust them to a third party for safe keeping. For this reason, it is vital to pay particular attention to data back-ups and data encryption, to name just a few.
You are generally unable to check that your cloud provider backs up your data correctly. For this reason, you should make absolutely sure that you regularly create local back-ups of all your data stored in the cloud, too. Further information can be found here.
Most cloud providers nowadays store data in encrypted form. However, you cannot really check the measures taken by your cloud provider here either, and above all, any measures may not necessarily protect them from the prying eyes of the provider themselves. The most secure method is to encrypt and decrypt your data yourself. At least all sensitive data such as bank statements, tax documentation etc. should be encrypted by yourself.
Cloud provider location
Information about the location of your cloud provider and its data centre will provide you with information as to what kind of data protection laws your data are subject. With many cloud providers though, it takes quite some research to establish this… And there are no guarantees that your provider will stay in the same place for the long term, either.
Using cloud services becomes particularly critical if third party data requiring special protection are stored with a cloud provider. This can very quickly lead to a breach of the law (Federal Act on Data Protection (FADP)).
Some instances of personal data requiring special protection are:
- Views or activities of a religious, ideological, political or union-related nature.
- Data on health, private life or ethnicity.
- Social benefit measures.
- Civil or criminal prosecution and sanction data.
There are many cloud providers all over the world. The following list in alphabetical order of potential providers is not complete and not meant as any kind of evaluation!
Swiss cloud providers with data storage in Switzerland (as at 14.12.2015):
- MyDrive (http://www.mydrive.ch)
- Securesafe (http://www.securesafe.com)
- Speicherbox (https://www.speicherbox.ch)
Foreign cloud providers:
- Dropbox (https://www.dropbox.com)
- Google Drive (https://www.google.com/drive)
- iCloud (http://www.apple.com/en/icloud)
- OneDrive (https://onedrive.live.com)