Simple: you trust no one. That means you assume your data will be lost or stolen at some point, and you take pre-emptive measures and plan for the worst. Here’s how you protect your data, even when your cloud providers get hacked.
Usability is always the enemy of security. Like a bank vault, secured data can be difficult to access. There is always a trade-off between accessibility and security. You may never be 100% secure from loss, but security is all about making smart trade-offs to maximize your security while minimizing the difficulty of accessing data. This might sound incredibly difficult, but modern encryption technology and private cloud infrastructure make this much easier.
The most common methods for breaching security are social engineering (sending you fraudulent messages that appear legitimate and ask you for your credentials) and exploits for known security vulnerabilities in software and hardware. You can protect yourself from the former by requiring multi-factor authentication: require a text message in conjunction with your password to access a system. You can protect yourself from the latter by keeping your systems and applications continually updated. But how do you protect yourself from your cloud vendors failing to protect your data?
There’s one way to protect yourself from all types of security breaches, and that’s multi-layer security, also called security-in-depth. For example, if your data is encrypted with a password your cloud provider doesn’t know (and that you never provide to them), you’re guaranteed that a security breach of the vendor’s systems or loss of your cloud credentials doesn’t compromise your most sensitive data.
Sure, cloud providers may claim your data is secure, but the reality of service management and internet complexity means it’s easy to make a mistake. For very sensitive data, you can protect yourself by using a private cloud service, where your data is encrypted before it’s uploaded to the cloud. What’s the difference? In a “public cloud”, like Dropbox or Office 365, your data and services are shared between many different clients: your email is probably stored on the same server as many other companies’ data. In a “private cloud”, only you have the encryption keys for your data. Human-ISM offers private cloud alternatives to Dropbox and Google Drive, so your data is not available to the system administrators of Google or Microsoft.
Encrypting very sensitive data with a second password can protect you from both authentication breaches and data security breaches. VeraCrypt desktop software is simple to use and allows you to encrypt a few files or folders with an additional password on top of your normal login username and password. This means even if someone does hack into your systems, or compromise your passwords with social engineering, your most critical data is still safe.
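As an added illustration (not code from this article, Human-ISM or VeraCrypt), the Node.js example below encrypts data on your own machine with a key derived from a passphrase the provider never sees, so the uploaded blob is unreadable and tamper-evident without it. The `CSE1` header, the function names and the scrypt parameters are assumptions chosen for this example.

```javascript
// Added example: encrypt locally before upload, using only Node's built-in crypto.
const crypto = require('crypto');

const MAGIC = Buffer.from('CSE1'); // constructed 4-byte format tag (assumption)
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = MAGIC.length + SALT_LEN + NONCE_LEN + TAG_LEN; // 48 bytes

// Stretch the passphrase into a 256-bit key with scrypt (memory-hard, slows guessing).
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Returns the only thing the cloud provider ever stores:
// magic | salt | nonce | auth tag | ciphertext
function sealForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(SALT_LEN);   // fresh per file
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  cipher.setAAD(MAGIC); // bind the format tag to the ciphertext
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, salt, nonce, cipher.getAuthTag(), ct]);
}

// Throws if the passphrase is wrong or the blob was modified while stored.
function openAfterDownload(blob, passphrase) {
  if (blob.length < HEADER_LEN || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a sealed blob');
  }
  const salt = blob.subarray(4, 20);
  const nonce = blob.subarray(20, 32);
  const tag = blob.subarray(32, 48);
  const ct = blob.subarray(48);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]); // final() verifies the tag
}

// What someone holding only the stored blob gets: null unless they know the passphrase.
function tryOpen(blob, passphrase) {
  try {
    return openAfterDownload(blob, passphrase);
  } catch (err) {
    return null;
  }
}
```

The passphrase must never be stored with, or sent to, the storage provider; losing it makes the data unrecoverable.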
At the end of the day, data security is more about policy than technology. The best way to ensure data is secure is to have clear rules for who can share data, and to make sure people know what tools they have available to safely share that data.