Are Your Documents Safe On The Cloud?
On Wednesday, some Dropbox users had a bad surprise. The cloud service, which is one of the best known, has admitted to being hacked. Some usernames and passwords have been stolen. Which means that the “hackers” in question could have access to the documents they had stored on the Dropbox servers. Fortunately for the company, it does not happen often. But this incident leads us to ask two questions: is not it risky to store his personal documents on servers online and can we trust Dropbox, Google Drive, Skydrive, Amazon Cloud Drive, iCloud …?
“Authentication should be stronger”
Most of these services say they are doing everything they can to protect your data. For example, Google specifies that the documents you store are fragmented, have a file name chosen at random and encrypted on its servers. This is generally the case with its competitors as well. However, on your user account, texts appear in clear. Simply enter your password to read your Google docs or Skydrive documents, such as to access your email. In addition to Dropbox this week, “there is a multitude of examples that show that passwords have been found in nature. The risk is that other people will access your data, “explains Gwendal Le Grand, head of the computer expertise department of the National Commission for Informatics and Liberties (CNIL).
Indeed, it has happened that Google accounts or Hotmail are compromised. And as long as a hacker grabs these passwords, he can read the documents stored on Google Drive and Skydrive. In May 2011, Jeff Bezos, CEO of Amazon, suggested that users choose stronger passwords to access cloud services: “The most important thing that consumers can probably do is choose more complex passwords. “In addition to the password, you should ideally ask for another secret, or offer to send you a second password via SMS. A solution that Dropbox is considering since Wednesday’s piracy. Interviewed by 20 Minutes, Eric Filiol, researcher specializing in computer security and director of the research center of ESIEA, agrees but raises a problem: “If we put stronger authentication, people will be lost.”
“We never put confidential documents on the cloud”
Meanwhile, “we must impose a number of rules: do not have the too simple password and do not have the same password on different services on the Internet,” advises Gwendal Le Grand. He says that cloud security is impossible to guarantee. As a precaution, “there are types of content that should not be stored online, such as banking data and medical data”. There are regular loopholes in the systems. “The danger would be to find his vacation photos on the Internet or see his documents hijacked. This is an extreme case but Eric Filiol says that if someone stores online and is hacked his accounting, for example, it is not immune to identity theft. The risks are higher for companies that sometimes store everything on the cloud (including financial documents) to reduce their IT costs. “It is absolutely necessary to inquire beforehand,” warns Eric Filiol.
The expert points to another important point: “In the United States, companies are subject to the Patriot Act”, this means that they must communicate the information entrusted to them at the request of United States intelligence agencies. . The only way to escape this intrusion into your privacy is to choose a service that is not American and does not have an office in the United States.
Conditions of use sometimes obscure
Despite everything, Eric Filiol says that we must not demonize the cloud either. It is true that this type of service is very practical in everyday life. If a hard drive is dead without warning, the cloud can have a backup. “You just have to consider that these documents can be read” before storing anything, concludes the computer security expert.Tags: Documents