I know that I made a post outlining why local backups aren’t for me, but they sort of are. The entire concept of “the cloud” can be rather complex, or simple, depending on how much you want to think about it – but in summary, it is defined as:
A cloud service is any service made available to users on demand via the Internet from a cloud computing provider’s servers as opposed to being provided from a company’s own on-premises servers.
Storing everything from entire servers on AWS infrastructure to personal data in a personal cloud storage service has become popular in 2017 – even though a number of reputable cloud services have been compromised recently.
So, why? To many, it’s a simple method of storing data to be accessed via multiple devices, and is a form of “data backup”. Poppycock!
In this post I will briefly touch on some popular cloud providers, and some basic steps to secure your personal data.
Known Cloud Services Providers
Can we call these CSP? Not sure. Listed below are a number of well-known cloud providers available to consumers free of charge, with paid subscriptions available.
Each provider boasts its own free storage and availability. For example, Mega provides 50GB of “Encrypted” data storage, whereas DropBox gives 5-10GB free (through promotional offers).
|Provider|Pricing|Supported platforms|
|---|---|---|
|DropBox|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
|Box|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
|Google Drive|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
|Mega|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
|iCloud|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
|OneDrive|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
|ownCloud|Free options available. Paid solutions exist.|Android, iOS/OSX, Windows and Linux|
Note: Supported platforms may refer to web-UI as opposed to native clients.
Ensuring Data is Encrypted
If you are wedded to using cloud services (and look, they’re not evil), then there are precautions you can take to protect the data stored on the cloud. If your cloud provider has a local client (Mega, Dropbox, Box, OneDrive and ownCloud do) that uses a local folder to sync, you can encrypt that data!
There are a number of methods you can use, but I will cover the following:
- Using 7ZFM (potentially scripting it via the 7z.exe CLI) to password-protect archives;
- Using AxCrypt to encrypt file-by-file data; and
- Using BoxCryptor for file copies.
7Z File Manager
7-Zip is a feature-rich archiving tool designed to compress documents, files and videos into a secure archive for portability. Adding a password to the archive (using AES-256) prevents, or at least increases the complexity of, unauthorised attempts to access the data.
The issue, and why I would not recommend this process, is that the data needs to be re-zipped whenever changes are made. If this is a one-time upload, then this method is the simplest process.
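One way to script the 7z CLI around the re-zip problem described above (an added example, not part of the original post): rebuild the password-protected archive only when the source folder has actually changed. It assumes `7z` is on the PATH; the folder paths and the state-file name are hypothetical.

```python
import hashlib, json, shutil, subprocess, tempfile
from pathlib import Path

def tree_digest(src: Path) -> str:
    """SHA-256 over each file's relative path, size and contents, in sorted order."""
    h = hashlib.sha256()
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        data = f.read_bytes()
        h.update(f.relative_to(src).as_posix().encode() + b"\0")
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()

def build_7z_command(src: Path, archive: Path, exe: str = "7z") -> list:
    # -t7z    : 7z container; contents are AES-256 encrypted once a password is set
    # -mhe=on : encrypt the archive headers too, so file names are not readable
    # -p      : no value attached, so 7z prompts; the password never appears in argv
    return [exe, "a", "-t7z", "-mhe=on", "-p", str(archive), str(src)]

def rearchive_if_changed(src: Path, sync_dir: Path, state_file: Path,
                         runner=subprocess.run) -> bool:
    """Rebuild the encrypted archive in sync_dir only when src has changed."""
    digest = tree_digest(src)
    if state_file.exists() and json.loads(state_file.read_text())["digest"] == digest:
        return False  # unchanged since the last run: no re-zip, no re-upload
    # Stage outside the sync folder so the client never uploads a partial archive.
    with tempfile.TemporaryDirectory() as tmp:
        staged = Path(tmp) / (src.name + ".7z")
        runner(build_7z_command(src, staged), check=True)  # raises if 7z fails
        shutil.move(str(staged), str(sync_dir / staged.name))
    # Record the digest only after success; keep this file out of the sync folder.
    state_file.write_text(json.dumps({"digest": digest}))
    return True

if __name__ == "__main__":
    # Hypothetical paths: adjust to your own documents and sync folders.
    home = Path.home()
    changed = rearchive_if_changed(home / "Documents", home / "Dropbox",
                                   home / ".rearchive-state.json")
    print("archive rebuilt" if changed else "no changes, archive left alone")
```

Run it from a terminal so 7z can prompt for the password; scheduling it unattended would need a different way of supplying the secret.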
AxCrypt is a small tool allowing file-by-file, folder-by-folder and hard-drive encryption via a simple GUI.
In the images below, the left image shows the prompt presented when decrypting an already encrypted file.
The right image shows the context menu, which allows you to encrypt data as a copy, as an EXE, or to make a key-file.
There is little information readily available as to just how secure AxCrypt is; however, their website offers the following:
A key length of 128 bits is sufficient in most cases, except where rules and regulations or personal preference stipulate a higher level. AxCrypt Premium offers 256-bit encryption which is the strongest standardized encryption available, and is used for secret and top secret information all over the world.
I personally use an older version of AxCrypt from before the solution became monetised, so this will vary; unless you purchase the solution at $35.00/year AUD, you will not be able to use the mobile applications or AES-256.
The concept of mirroring directories has been discussed before – on another of my blogs. Implementing a solution such as BoxCryptor will allow you to automatically (at pre-defined periods) sync this directory to your cloud-service folder (such as Drive or DropBox) with AES-256 encryption.
This ensures that any data uploaded to your cloud provider (which should also encrypt your data) is already encrypted with your passphrase before it is uploaded.
To further add complexity to this solution, you could use DSynchronize to first mirror the file-level encryption to another directory, which could be encrypted with another program.
My local backup policy (policies?), and why I prefer them
To ensure data security, I follow an extensive data backup regime. The process can be broken down into 4 steps.
Encrypting File-Level with AxCrypt
The first process I implement is encrypting all files in my user directory with a secure password, which requires me to decrypt each time I utilise them.
Do not encrypt application-specific folders!
Using DSynchronize to Copy to NAS
I use DSynchronize to copy data from my Documents to my locally shared NAS at frequent periods (generally late, after I have done my work and am gaming) with no additional password.
Using iPerius to back up the NAS Copy to another HDD
Using BoxCryptor to sync to a local FTP NAS
From there, BoxCryptor syncs this directory to my mounted FTP NAS (Rasp Pi, with USB storage – my data is 10-15B a pop). I can invert this and make it sync to Google Drive or DropBox if wished.