Storing in the cloud securely: 30 services compared
20 June, 2012 14:04
What to look for
Every business has its own requirements, and the following will help you to narrow down the choices to those that meet your needs.
Platform support—Naturally, most services can access files through a browser, and most will provide a native Windows client as well. But if you support multiple platforms, are native Mac and Linux clients important as well? And what about smartphones and tablets? Note that even services that don't provide a native iPhone, Android or Blackberry client can usually still be accessed through the web browser on the phone or tablet, and often provide a mobile-formatted web front-end.
Although not specifically stated in the table, most services also provide syncing across platforms and devices.
Collaboration—Personal services don't usually offer much in the way of collaboration options beyond basic link-sharing. However, business-focused products can include a wide range of extra collaborative services, including multi-user access to the same account, editing privileges, access controls and in some cases threaded commenting to track discussions. Importantly, as plans lean toward the enterprise side, most services provide full-featured logging and reporting functionality, so you know what has been uploaded or downloaded, by whom, and when. After ensuring data is secured with encryption (see next), being able to monitor who has accessed what is the next best way of keeping tabs on your data. Naturally, however, the plans that offer this functionality usually cost a bit more too.
Security—This is, ultimately, the crux of these products. As before, all services claim encryption of data at rest as well as in transit (by which they mean using SSL). Some services also provide the option of password-protected files, folders and links, while only a handful allow you to set manual expiry dates so files are deleted after a period.
The most important feature, of course, is private-key encryption and we've highlighted this in the table with services such as SpiderOak, Wuala and Jungle Disk. Others like Mozy, ElephantDrive and Box make it optional (more on this below) or provide it only with business plans.
Any service offering private-key encryption will usually state (if not directly in its supported features, then in its FAQs or Knowledge Base) that if you lose your key, they cannot help you recover your data. That is, of course, the idea—only you should be able to decrypt it. Private keys are almost always derived from a passphrase, and data is encrypted before being uploaded (the upload itself is also encrypted, as above, using SSL). This means that from end to end no other party, including the service provider, is able to access your data, which is naturally the goal.
Note, however, that the use of private-key encryption can sometimes limit the extensibility of sharing—after all, the service provider isn't able to decrypt the data, so sharing of private-key encrypted files requires the recipient to have the password as well. This is likely why some services make it optional, especially in the case where encryption can only be offered for the whole account. Some services, however, can enable private-key encryption on a file/folder basis.
Finally—and this isn't addressed in many documents from service providers—note that mobile phone and tablet clients don't necessarily support encryption at all, due to the processing limits of the device. This not only applies to data, but sometimes to login credentials as well. If the use of a mobile client is desired, ping the support of the provider you're looking at to confirm if encryption is supported on their mobile clients.
Sharing—While some cloud storage services focus on being a backup for personal and business data, others highlight their ability to make it easy to share data with others. Certainly this is going to be the case for most free personal services employees might already be using. Sharing is usually through direct URL links to files on the service, which can sometimes be password-protected, but can also be through cross-account sharing with other users of the service. Note that link-based sharing is often limited to individual files. If the sharing of large numbers of files is required, look for services that allow folders to be shared as well.
Services with an emphasis on backup tend to offer clients that allow you to schedule backups automatically, as well as file versioning to recover previous versions or deleted files. Both are nice to have for personal and business accounts alike.
Other features—A handful of services provide for directly editing documents on the service for certain file types, usually office documents (Word, Excel etc). This includes the ability to do so through mobile clients, which can be handy, and for those services that provide collaboration features this can include file-locking to ensure two people don't edit the same document at the same time. The two popular choices here appear to be Zoho's offering and Google Docs, and naturally Microsoft's Skydrive uses its own online Office offering.
Some administrators might feel comfortable getting raw access to the service via FTP, so it's not surprising that some providers allow for this. A number of other providers, however, list 'getting rid of FTP' as one of their selling points in the marketing literature, as a means of showing how far we've come with network storage, and naturally don't offer the option to use FTP!
Making a choice
Given that each business is unique and that cloud storage services now provide such extensive features, it's hard to recommend any particular service. The one exception is that if—like IBM—you're concerned about the nature and sovereignty of data being uploaded, you should choose a service that allows for private-key encryption. And then, don't lose the keys!
An alternative encryption
Since the key to maintaining control over your data is, well, to control the key, there is another solution for secure online storage that doesn't rely on a service using private-key encryption: use a common service, but encrypt the files yourself before uploading. This way, even if your files are accessed by anyone else, they are unreadable.
Naturally, this is more work, but only a little. And there are plenty of options to choose from.
For single-file encryption and decryption you can actually use the popular compression tool 7-Zip, which includes in its interface the option to encrypt a file with 256-bit AES as well as compress it. Alternatively, the Windows-based AxCrypt makes it easy to individually encrypt and decrypt files with 128-bit AES, and also provides an Android app to do the same. And for cross-platform use there's GnuPG, which can be found in the default software archives for all Linux distributions.
Alternatively, while it provides whole-disk encryption, TrueCrypt can also create an encrypted virtual disk-in-a-file that makes it easy to store lots of documents on a virtual 'drive' in Windows. The encrypted disk volume can then be uploaded as a single file.
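The encrypt-before-upload flow described above, both as the private-key services do it (a key derived from a passphrase, no recovery if it is lost) and as the do-it-yourself alternative, shown as an added example that is not code from any service or tool named in this article. It uses Node.js's built-in crypto module with scrypt and AES-256-GCM; the cost parameters, blob layout and sample data are assumptions made for illustration.

```javascript
// Added example: client-side encryption of a file before it is uploaded.
const crypto = require('crypto');

// scrypt cost parameters (assumed values for illustration; tune for your hardware).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key from the passphrase. The salt is not secret and is
// stored with the ciphertext; the passphrase itself never leaves the client.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

// Encrypt locally; the returned blob is all the storage provider ever sees.
// Layout (constructed for this example): salt(16) | nonce(12) | tag(16) | ciphertext
function sealForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Decrypt after download. Returns null for a wrong passphrase or for a blob
// that was modified in storage: GCM authentication fails in both cases.
function openAfterDownload(blob, passphrase) {
  if (blob.length < 44) return null; // too short to hold salt, nonce and tag
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
  } catch {
    return null; // nothing stored server-side can recover the data
  }
}

// Constructed sample data.
const doc = Buffer.from('Q3 payroll: constructed sample document');
const uploaded = sealForUpload(doc, 'correct horse battery staple');
console.log(openAfterDownload(uploaded, 'correct horse battery staple').toString());
console.log(openAfterDownload(uploaded, 'forgotten passphrase'));
```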