Picking your cloud

By Tyler W.

July 25, 2020

Picking your cloud

Time to pick your cloud storage provider.

Choosing a good cloud storage solution is one that should not be entered in to lightly, especially when you are relying upon this for business purposes. As I always remind clients, “the cloud is just someone else’s computer” [I hate the term ¨the cloud¨, but it seems to be the easiest reference point here], and that someone and their computer, you do not have unfettered access to! As a result who you choose to be your cloud storage providers must be trustworthy and secure, so, do the research. Get it wrong and you could be in strife, especially in light of the Notifiable Data Breach in play these days.

Thankfully it is generally easier to get it right, than it is to get it wrong these days, as the increase in Ransomware attacks has seen many storage solutions increase their security standards and offer encryption (which is something I am very high on). All of my data is encrypted, my instant messages, my emails, my documents and my web traffic. I forgo some convenience and speed, but I have peace of mind, and I encourage you to consider making the same sacrifice.

I do not expect you to go to the extreme levels that I have, this is my job, and it is hard to recommend software and security if I cannot even guarantee my own data.

I get asked a lot, “how do you know which cloud storage provider to use”, or “aren’t they all just the same anyway”, and my answer to both is pretty simple. ¨Ask around¨, and ¨no¨. For some reason there is a fear, or a belief, we are not supposed to ask questions of our digital service providers. I believe this comes down to our professional egos. We know what we know, and we don’t want to admit what we don’t know. I never studied computer science, so everything I have learned is from asking questions and applying the answers to my own accounting practice, and through assisting other businesses implement technology solutions. Ask the question. Just because Dropbox, Microsoft and Google are huge companies, do not be intimidated to ask the question about where your data is stored, what is stored in plain text and what is encrypted. Ask about their back up policy, and ask what happens in the case of a breach. A lot of the times, nowadays, your concerns will be alleviated, but getting the facts is important, as using a cloud storage provider does not abdicate you from your responsibility in the event of a data breach.

Personally, I use Sync, and recommend it. They are located in Canada and as a result of their location they are part of the 5 Eyes (which is not great), so despite the data being encrypted do not think that this can be used for mischievous purposes. Thankfully I am not using it for such purposes, and neither are any of the businesses who ultimately choose this software upon recommendation. The encryption, and download restrictions serve as a protection in the event of an attack and allow for files to be shared in an extremely secure means. Have a look at sync.com the difference between this, and the alternatives is minimal to none, from a UI and UX level, but the security is next level.

This is how you share with sync.com…so many options!

This brings me back to the second question I get asked, “aren’t they all just the same anyway”. Despite my comments about the UX and UI, each provider is different. For instance sync.com is completely encrypted and the files are stored in Canada, while Google Drive completely un-encrypted and all data stored in the US Data Centres. Below are some key points on the main players at the moment:

Dropbox

Dropbox is arguably the most popular of the providers and thankfully their data is generally also encrypted, making it stronger than most others. You´ll find the files are stored either in Australia, America or Germany, but Dropbox makes no guarantee that your file is stored in only one location (therefore increasing your potential attack surface). Furthermore, just because you may be an Australian user, this does not guarantee that your data is stored on the Australian servers. Dropbox take security seriously and are always looking to improve. It could be argued their offering is quite ubiquitous these days (most people have a Dropbox account), and employing one of their tiered solutions is not a poor decision.

Sharepoint (OneDrive)

Sharepoint is Microsoft´s offering and has seen a very high adoption rate since the ´work from home´ increase. Again, from a UX point of view Sharepoint is strong, however it is worth noting that files stored are not encrypted, with the security being that user access can be restricted. Encryption trumps this security measure, however, does provide you some level of protection, albeit manually initiated. Our experience is the users are busy and any security measures need to be automatic in order to maximise the reduction of the attack surface. The data is stored in the country of origin where possible. This means, as an Australian user, data will be stored in Australia where it is possible for Microsoft do so.

Google Drive

We have some clients who use this solution as it comes ´free´ with their G-Suite subscription and as a result we can understand and appreciate the appeal of this offering, however, we never recommend this cloud storage solution for anything private or confidential. The fact of the matter is that Google have poor privacy standards, and are in the intelligence gathering business. These files are stored 100% in plain text, and are not stored in Australia, with all data centres located in the United States. Use Google drive for anything non-sensitive and that is not critical to you. It cannot be relied upon as an adequate business solution alternative at this point in time.

So while, they all seem to the exact same thing, you can see that they are all quite different with different storage locations and different levels of encryption security. You need to evaluate what you need the storage for, and then you need to evaluate your risk appetite as to which offering is best for you. They all can solve a need for you, but you need to evaluate what is important to you, considering budget too.

As an additional safety precaution, do not use the desktop sync function that comes with all of these solutions. I understand using this provides immense convenience, but also places your files at risk to ransomware attacks. If you are syncing to your desktop then all your files are locally stored (effectively) and you are circumventing the implied cloud security that exists with these solutions. While many cloud providers will offer free versioning history, why would you want to give the attackers an easy platform to throttle your business by using the desktop sync application. Employ some data hygiene and do not use this.

I hope you have found this comparison beneficial, and it has helped you evaluate your current online storage requirements, process and provider. Feel free to reach out if you wish to discuss online storage further, or if you need any help introducing any cloud solutions.