Skip to main content

How to Secure Your Cloud Storage

Choose your service

Every major cloud storage service promises to keep your files safe, but if you want the job done right, you'll have to do it yourself.

The PRISM program made it abundantly clear that the NSA wants to get a hold of your online data, including whatever files you keep in the cloud. At the time of its controversial reveal, PRISM already had the cooperation (witting or unwitting) of Google, and was eyeing Dropbox next.

There's no guarantee that the government has, or even has access to, your online files, but it's well within the scope of what it could acquire. Even discounting Big Brother, there are other prying eyes out there: cybercriminals, hobbyist hackers and invasive corporations, for starters.

While there are dozens of cloud storage solutions, the principles for keeping them safe are about the same across-the-board. Dropbox and Google Drive are under the most scrutiny right now, but one other service, SpiderOak, takes a special interest in user security.

SpiderOak is not as well-known as the previous two services, but promises "100% private" cloud storage. A focus on security and discreet data is, in theory, what sets this service apart from its competitors. The company wishes to "[dispel] the myth that just because data was online didn't mean it couldn't be private," according to its website.

All data you submit to SpiderOak is encrypted, but that's not unusual — Dropbox and Google Drive encrypt data as well. The company distinguishes itself by embracing a "zero knowledge" policy.

"We do not know anything about the data that you store on SpiderOak — not even your folder or filenames," states the FAQ. "On the server we only see sequentially numbered containers of encrypted data." In fact, SpiderOak does not even store user passwords — if a user forgets his or her login information, the data is essentially gone forever.

This theoretically renders SpiderOak safe from the prying eyes of system administrators, hackers and the NSA, but users would be wise to treat this service cautiously, too. After all, no one knew that the NSA had access to Google or Dropbox information for years. Furthermore, although SpiderOak seems to have good intentions, it would hardly be the first company to oversell or misrepresent its online security features.