Cloud Services, please encrypt locally beforehand.

I know that I made a post outlining why local backups aren’t for me, but they sort of are. The entire concept of “the cloud” can be rather complex, or simple, depending on how much you want to think about it – but in summary, it is defined as:

A cloud service is any service made available to users on demand via the Internet from a cloud computing provider’s servers as opposed to being provided from a company’s own on-premises servers.

Storing everything from entire servers on AWS infrastructure to personal data in a personal cloud storage service has become popular in 2017, even though a number of reputable cloud services have been compromised recently.

So, why? To many, it’s a simple method of storing data to be accessed via multiple devices, and is a form of “data backup”. Poppycock!

In this post I will briefly touch on some popular cloud providers, and some basic steps to secure your personal data.

Known Cloud Services Providers

Can we call these CSPs? Not sure. Listed below are a number of well-known cloud providers available to consumers free of charge, with paid subscriptions available.

Each provider boasts its own free storage and availability. For example, Mega provides 50GB of “Encrypted” data storage, whereas DropBox gives 5-10GB free (through promotional offers).

Product Name | Price | Supported Platform
------------ | ----- | ------------------
DropBox | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux
Box | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux
Google Drive | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux
Mega | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux
iCloud | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux
OneDrive | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux
ownCloud | Free options available. Paid solutions exist. | Android, iOS/OSX, Windows and Linux

Note: Supported platforms may refer to web-UI as opposed to native clients.

Ensuring Data is Encrypted

If you are wedded to using cloud services (and look, they’re not evil), there are precautions you can take to ensure the integrity of data stored on the cloud. If your cloud provider has a local client (Mega, Dropbox, Box, OneDrive and ownCloud do) that uses a local folder to sync, you can encrypt that data!

There are a number of methods you can use, but I will cover the following:

  • Using 7ZFM (Potentially scripting it via the 7z.exe CLI) to password protect archives;
  • Using AxCrypt to encrypt file-by-file data and;
  • Using BoxCryptor for file copies.

7Z File Manager

7-Zip is a feature-rich archiving tool designed to compress documents, files and videos into a secure zip for portability. Setting a password on the archive (using AES-256) prevents, or at least increases the difficulty of, unauthorised attempts to access the data.

7ZFM

7-Zip also supports encryption with AES-256 algorithm. This algorithm uses cipher key with length of 256 bits.

The issue, and why I would not recommend this process, is that the data needs to be re-zipped whenever changes are made. If this is a one-time upload, then this method is the simplest process.
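
One way to script the 7z.exe approach so the archive is only rebuilt when something in the folder has changed (an added example, not from the original post; the folder paths, archive name and state file are assumptions, and the 7-Zip path is the default install location):

```powershell
# Added example. Paths, archive name and state file are assumptions; adjust them.
param(
    [string]$Source   = "$env:USERPROFILE\Documents\Private",  # hypothetical folder to protect
    [string]$SyncDir  = "$env:USERPROFILE\Dropbox\Encrypted",  # hypothetical cloud sync folder
    [string]$SevenZip = "$env:ProgramFiles\7-Zip\7z.exe"       # default 7-Zip install path
)
$ErrorActionPreference = 'Stop'

$root      = (Resolve-Path -LiteralPath $Source).Path.TrimEnd('\')
$archive   = Join-Path $SyncDir 'private.7z'
$stateFile = Join-Path $env:LOCALAPPDATA 'private-backup.sha256'  # kept out of the sync folder

# Fingerprint the tree: relative path plus SHA-256 of each file, then hash that listing.
$listing = Get-ChildItem -LiteralPath $root -Recurse -File | Sort-Object FullName | ForEach-Object {
    '{0}|{1}' -f $_.FullName.Substring($root.Length), (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
}
$text        = $listing -join "`n"
$sha         = [System.Security.Cryptography.SHA256]::Create()
$digest      = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($text))
$fingerprint = [System.BitConverter]::ToString($digest)

$previous = if (Test-Path -LiteralPath $stateFile) { (Get-Content -LiteralPath $stateFile -Raw).Trim() }
if ((Test-Path -LiteralPath $archive) -and $previous -eq $fingerprint) {
    Write-Host 'No changes since the last archive; nothing to re-zip.'
    return
}

# Build outside the sync folder so the cloud client never uploads a half-written archive.
$tmp = Join-Path $env:TEMP ('private-{0}.7z' -f [guid]::NewGuid())

# -mhe=on encrypts the archive headers too, so file names are not visible without the password.
# -p with no value makes 7-Zip prompt, keeping the passphrase out of the command line and history.
& $SevenZip a -t7z -mhe=on $tmp (Join-Path $root '*') -p
if ($LASTEXITCODE -ne 0) { throw "7z a failed with exit code $LASTEXITCODE" }

# Test the archive (7-Zip prompts again) before it replaces the previous copy.
& $SevenZip t $tmp -p
if ($LASTEXITCODE -ne 0) { Remove-Item -LiteralPath $tmp; throw 'Archive failed its integrity test' }

Move-Item -LiteralPath $tmp -Destination $archive -Force
Set-Content -LiteralPath $stateFile -Value $fingerprint
```

Because 7-Zip prompts for the passphrase, this runs interactively rather than as an unattended scheduled task.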

AxCrypt

AxCrypt is a small tool allowing file-by-file, folder-by-folder and hard-drive encryption via a simple GUI.

The image below (left image first) shows the prompt presented when decrypting an already encrypted file.

The right image is the context menu allowing you to encrypt data as a copy, as an EXE, or to create a key-file.

There is little information readily available as to just how secure AxCrypt is; however, their website offers the following:

A key length of 128 bits is sufficient in most cases, except where rules and regulations or personal preference stipulate a higher level. AxCrypt Premium offers 256-bit encryption which is the strongest standardized encryption available, and is used for secret and top secret information all over the world.

I personally use an older version of AxCrypt from before the solution became monetised, so this will vary; unless you purchase the solution at $35.00/year AUD, you will not be able to use the mobile applications or AES-256.

BoxCryptor

The concept of mirroring directories has been discussed before – on another of my blogs. Implementing a solution such as BoxCryptor will allow you to automatically (at pre-defined periods) sync this directory to your cloud-service folder (such as Drive or DropBox) with AES-256 encryption.

What this does is ensure that any data uploaded to your cloud provider (which should also encrypt your data) is already encrypted with your passphrase beforehand.

To add a further layer to this solution, you could use DSynchronize to first mirror the file-level encrypted data to another directory, which could be encrypted with another program.

We will do another post on the use of this application.

My local backup policy (policies?), and why I prefer them

To ensure data security, I implement an extensive process for data backup regimes. The process can be identified as a 4-step process.

Encrypting File-Level with AxCrypt

The first process I implement is encrypting all files in my user directory with a secure password, which requires me to decrypt each time I utilise them.

Do not encrypt application-specific folders!

Using DSynchronize to Copy to NAS

Implementing DSynchronize to copy data from my Documents to my locally shared NAS at frequent periods (generally late, after I have done my work and am gaming) with no additional password.

Using iPerius to back up NAS Copy to another HDD

Using iPerius to perform a full, encrypted backup of the NAS directory to another directory (I use Orico 2 Bay NAS), which is just another HDD.

Using BoxCryptor to sync to a local FTP NAS

From there, BoxCryptor syncs this directory to my mounted FTP NAS (Rasp Pi, with USB storage – my data is 10-15B a pop). I can reverse this and make it sync to Google Drive or DropBox if wished.

Corrections? Questions? Requests?

2 thoughts on “Cloud Services, please encrypt locally beforehand.”

  1. Pingback: Automatic Backup of Android – Non-Rooted – /

  2. Pingback: My New Backup Policy | Michael Nancarrow's Personal Blog
