Home » Cloud Security » Are Your Documents Safe On The Cloud?

Are Your Documents Safe On The Cloud?


On Wednesday, some Dropbox users had a bad surprise. The cloud service, which is one of the best known, has admitted to being hacked. Some usernames and passwords have been stolen. Which means that the “hackers” in question could have access to the documents they had stored on the Dropbox servers. Fortunately for the company, it does not happen often. But this incident leads us to ask two questions: is not it risky to store his personal documents on servers online and can we trust Dropbox, Google Drive, Skydrive, Amazon Cloud Drive, iCloud …?

“Authentication should be stronger”

Most of these services say they are doing everything they can to protect your data. For example, Google specifies that the documents you store are fragmented, have a file name chosen at random and encrypted on its servers. This is generally the case with its competitors as well. However, on your user account, texts appear in clear. Simply enter your password to read your Google docs or Skydrive documents, such as to access your email. In addition to Dropbox this week, “there is a multitude of examples that show that passwords have been found in nature. The risk is that other people will access your data, “explains Gwendal Le Grand, head of the computer expertise department of the National Commission for Informatics and Liberties (CNIL).

Indeed, it has happened that Google accounts or Hotmail are compromised. And as long as a hacker grabs these passwords, he can read the documents stored on Google Drive and Skydrive. In May 2011, Jeff Bezos, CEO of Amazon, suggested that users choose stronger passwords to access cloud services: “The most important thing that consumers can probably do is choose more complex passwords. “In addition to the password, you should ideally ask for another secret, or offer to send you a second password via SMS. A solution that Dropbox is considering since Wednesday’s piracy. Interviewed by 20 Minutes, Eric Filiol, researcher specializing in computer security and director of the research center of ESIEA, agrees but raises a problem: “If we put stronger authentication, people will be lost.”

“We never put confidential documents on the cloud”

Meanwhile, “we must impose a number of rules: do not have the too simple password and do not have the same password on different services on the Internet,” advises Gwendal Le Grand. He says that cloud security is impossible to guarantee. As a precaution, “there are types of content that should not be stored online, such as banking data and medical data”. There are regular loopholes in the systems. “The danger would be to find his vacation photos on the Internet or see his documents hijacked. This is an extreme case but Eric Filiol says that if someone stores online and is hacked his accounting, for example, it is not immune to identity theft. The risks are higher for companies that sometimes store everything on the cloud (including financial documents) to reduce their IT costs. “It is absolutely necessary to inquire beforehand,” warns Eric Filiol.

The expert points to another important point: “In the United States, companies are subject to the Patriot Act”, this means that they must communicate the information entrusted to them at the request of United States intelligence agencies. . The only way to escape this intrusion into your privacy is to choose a service that is not American and does not have an office in the United States.

Conditions of use sometimes obscure

Moreover, “there are companies that say in their rules of confidentiality that they use this content to improve their services (and therefore give themselves the right to look at your documents, ed), says Gwendal Le Grand de la Cnil. What you need to do is read the privacy rules and do your own risk analysis: do I accept that this document is analyzed or not? ” 20 Minutes has plunged into the conditions of use of different services. Some people have a rather obscure approach to data processing. Thus, Skydrive’s (Microsoft) Terms of Use specify: “We do not control or verify the content that you (…) make available on the service”. But later, it says: “Microsoft is likely to use, modify, adapt, reproduce, distribute and display the content published on the service, and you authorize Microsoft to perform these operations.” In its terms, Google explains that it keeps the right to use this data to improve its services … “We can not say that cloud offers are easy to understand,” says Gwendal Le Grand.

Despite everything, Eric Filiol says that we must not demonize the cloud either. It is true that this type of service is very practical in everyday life. If a hard drive is dead without warning, the cloud can have a backup. “You just have to consider that these documents can be read” before storing anything, concludes the computer security expert.


News In Category