Storage forum

General discussion

Cloud storage and sharing, is it secure?

by Lee Koo (ADMIN) CNET staff/forum admin / February 8, 2013 6:52 AM PST

Cloud storage and sharing, is it secure?

What is the best and most secure cloud data storing and sharing
provider? My mom has been placed in a nursing home and will be under
hospice care. We find that all siblings at one time or another need
to access her personal data. We would like it in the cloud so
info/documents can be placed here. Too often the person with the
specific info needed at a given moment isn't available. What is the
most dependable and secure site? We are talking about Social Security
number, financial info, health insurance data, bills paid, etc. Or is
it better to keep info transmitted by e-mail and each of us set up a
folder on our respective e-mail accounts?

--Submitted by: Frances R.
Post a reply
Discussion is locked
You are posting a reply to: Cloud storage and sharing, is it secure?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Cloud storage and sharing, is it secure?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Cloud storage and sharing
by Linuxrrs / February 8, 2013 8:38 AM PST

Take a look over at Reason is you can see when someone opens info. This will give someone the ability to check on her personal info. I'm sure there settings I might not know about with that also will work. There are Healthcare certified so keeping health info there is safe. That's how I would go about it.

Collapse -
The Cloud
by W#8yT1vx5Nh9SJ / February 8, 2013 9:59 AM PST

The "Cloud" is NOT safe ..... period.

Collapse -
Apparently You Aren't Familiar Secure Hypertunnel Technology
by iSamsung2u / February 16, 2013 4:03 AM PST
In reply to: The Cloud

If you are connected directly device (computer or tablet, etc) to device through a high level encrypted VPN, it's like being virtually on the device or Cloud Service in the same room. The reason is that data on one side (either using 128bit or preferably 256bit encryption) is virtually next to impossible to break w/o using a Super Computer or many computers in a distributed computing network to hack/crack into a computer data en-route via the web. It's like a water pipe. Leaks just don't happen.... they have to be forced or found using methods that are extremely laborious and intensive. It's doubtful that any common citizen's information is that important to warrant such extreme measures in digging out access by 3rd parties.

It still can take days for super computers to hack 256bit encryption and the only other way faster is by using mass attacks (100's if not 1000's of computers in a swarm), like Anonymous uses to break into government site computer databases. Those attacks can take months before they are successful. Yet they even still have a hard time breaking in, because it's a lot like humans working at having a baby. It takes 1000's of sperm to even get one that's capable of penetrating the women's ovaries to have that baby!

None of us regular people have anything worth that much trouble to get at. So it's a matter of choosing the right cloud service provider, that uses high level encryption on both ends in what's called a Secure Hypertunneled connection. Chrome OS uses this type of connection to keep you safe on every keystroke and data transfer you make with Google Cloud. You are as good as having the cloud located right inside your HOME COMPUTER!

Most Cloud based services now use high level encryption, not only in Banking.... but email as well. The chance of some hacker or even hackers being that interested in you to break the encrypted data while in the pipe line through the Etherworld (solid connected information on the web) or Netherworld (chaos or Darknet mixed data) of the Web, is next to NONE!

The Difference Between the Real World and the Internet.... is that the Real World exists only in confined directly accessible Real Terms and the Internet is totally OPEN and Unlimited by any real boundaries of what we understand as REALITY! .....and that's the definition of the CLOUD.... we're talking about!

It's not some corner grocery store with an easily broken window to get in through and is more of a passage through Space and Time in going from one computer to another. So when you run data through strong encryption (making it more Darknet Chaos like), you're playing in hell trying to make sense of it and that's the CLOUD we're talking about! .....if it's not SAFE, then you're doing something very wrong!

Collapse -
You may understand computers, but...
by punim / February 24, 2013 8:21 AM PST don't understand biology! Sperm do not penetrate ovaries. Conception occurs when a sperm penetrates the outer membrane of an ovum (that's an "egg" for you "eggheads") in the Fallopian tube. The ovum originated in the ovary, but was expelled from the maturing ovarian follicle (that's called "ovulation"). The sperm enters the Fallopian tube from the uterus and swims up the tube to meet the ovum. That's another kind of "Secure Hypertunneled connection".
...OK, back to the Cloud!

Collapse -
What is the Point?
by Hforman / February 25, 2013 3:19 PM PST

If the other end of the VPN tunnel is at a location where people read all of your uploads and can sell them to an advertising partner. If I'm dealing with criminal records, it doesn't matter how secure the tunnel is if the people on the other end are not allowed to see the data especially since they say they do read everything. Maybe a private cloud is best where you can prosecute the people or just turn them over to the FBI if they so much as look at your stuff.

Collapse -
My company just attended an internet security confernece
by Greg n Laura / February 16, 2013 10:10 AM PST
In reply to: The Cloud

On Friday we were told not to place any person or professional data in a cloud application. At this time none of the services in their opinion are secure enough to use for such documents. I thought it was very odd this subject was posted at C/Net the same day we received this notice at work. Most of what our IT has told us in the past has come true and they in this case even sited cases of issues already being reported by these sites. Whatever it is worth I thought I'd share this information with everyone.

Collapse -
Tell that to IBM, Google, NSA etc who all use CLOUD! lol...
by iSamsung2u / February 17, 2013 6:39 AM PST

IBM believe or not..... are the REAL SECURITY EXPERTS... in this World since 1997. Since most every credit card transaction runs through what is called dual authentication in the Cloud on their Mainframes.
So... I have no idea what lame company you work for, but the reality is that Mastercard and Visa (3D Secure) also both rely on IBM Cloud Based Services. These mainframes run a secure co-processor in what's called an Impenetrable Secure Cloud Fortress that relies on this dual authentication and IBM chips. Almost all banks rely on this technology for your online banking transactions, also carried out in the cloud.

IBM's record on Security with their cloud services? They have not to this day ever failed.... even once. They rely on chips w/ lockable secure vault technology carried out on Cell like Co-Processors on their Mainframes. The government (NSA, etc) also uses a secure cloud network. In fact the Security of Cloud Computing can't be questioned even over local closed offline computing networks. That's the truth and you can read more in this independent white paper on the subject:

""The Cloud: When & Why?"

See how you can achieve your goals in the cloud in this complimentary white paper.

When it comes to evaluating software investment decisions, such as on-premise vs. cloud-based solutions, many factors must be considered. In particular, pay attention to four key areas:
support for business strategy, operations, security, and cost.

In addition to these important considerations, there are other reasons companies choose to adopt cloud solutions:
Strategic agility and simplified product renewals
Ease of adoption and improved security
Time to value, operating expenses, and more
How can you achieve your goals in the cloud? This complimentary white paper shows you. Download it today."

It's MORE SECURE.... and that's why major cities like Los Angeles, London, Tokyo, etc have also chosen Cloud Services over locally run closed networks. Google has switched completely to non-windows machines running Secure Linux (SE developed by NSA) since the hack on Windows machines in China and they run one of the largest database networks in the World in the Cloud.... now secure in the Cloud!!!

So..... tell your stupid boss to go get another job. One he's hopefully qualified to make decisions on!!! ;-P

Collapse -
You don't know a lot about clouds then
by Hforman / February 17, 2013 11:42 AM PST

There are many different types of clouds. Public and private. These companies use private clouds which Are not available to the public. Google has alreAdy been hacked And user data compromised. The point is who owns the cloud? I hAte using Google as an example but on their website they say they read all of your uploads and they can do whatever they want with your data including public display. Is the op supposed to trust a provider who takes no responsibility for your data?

Collapse -
When and Where? ....China? Give me a break!
by iSamsung2u / February 22, 2013 9:22 AM PST

Apple has been hacked repeatedly and we're talking not just personal information, but financial as well. Are we talking secure cloud services? Then...... NO! ....we're talking non-secure access or pre-China hack, when Google was still using some Windows based servers, databases or people like you who probably refuse to use secure passwords or now secure double authentication to their access their information. If..... (which I doubt) you are part, you are using Google's dual redundant authentication on Google Cloud Services. NOW..... they even have extreme secure Cell Phone Authentication!

Even Search has been Secured, so we have privacy even when Searching. Which is why Facebook, Twitter and all the rest of social online world along with SEO Marketing Companies are so piss'd-off at Google! ....our information is only handed over to paid search placement (traceable and responsible) after it's been anonymised!

Every other company has followed Google's lead into making our information more secure..... not less! .....and with Google you always have an informed choice to be secure and being anonymised is automatic. Unlike all their competitors in Cloud Services!!!

Collapse -
I'd say LastPass has it best...
by JCitizen / February 24, 2013 12:06 AM PST

Their cloud service is designed from the ground up for host based anti-intrusion protection, and it only transfers information in Secure Socket Layer, and encrypts anything recorded on your hard drive. If you must store Passwords, Social Security Numbers, and/or financial information at all, I feel LastPass has the best reputation so far.

If they even smell a breach they make it public - which has only happened once - and it turned out to be a minor incident. If ever there was a cloud provider to trust - I'd trust them first.

Even the associates at LastPass have no access to your encrypted "blobs" in their server farm; so even a disgruntled employee could do little damage.

Collapse -
you may be right...
by victork1 / February 25, 2013 11:12 AM PST

But I would like to know why so much aggression in your words....

Just sayin....

Collapse -
The Cloud
by s4322 / August 19, 2015 7:23 AM PDT
In reply to: The Cloud

That is not entirely true. Please have a look at, and read the site. They do use a completely different principle.

Collapse -
easy encryption for novices
by bando?ers / February 15, 2013 12:57 PM PST

I don't know if your family is tech savvy or not, but a very easy to use solution that's plenty secure for this is called encryptonclick, (or very similar) by two bright sparks. It's easily driven from windows GUI in contextual menus. Just share a pw with siblings, one for each file, or one for each type of file maybe just 1 good PW for everything. Any comoplete newbee can use it. Then pick the cloud service of your choice/dropbox rocks most of the time, but sometimes people have problems with their shared folders, so test before you depend on it. I really like Ubuntuone, but I've never tested their Windows client. I've heard it works fine now, but only used it in Ubuntu myself. At least in Ubuntu, you can choose to sync any folder, not just the stuff in the Ubuntu1 folder that's synced automatically. You can send links to non-colaboraters like with Dropbox as well. Lots of other services&some are more secure, but unless you encrypt yourself before uploading you are taking some risk. You are probably not going to be a target, but TrueCrypt is the most secure of all solutions, but harder to learn than the program I mentioned. Gpgp's pretty easy and probably has a way to integrate with windows GUI like it does for Gnome desktop in Linux.

Collapse -
Bit locker..
by JCitizen / February 24, 2013 12:08 AM PST

which is available in Vista/Win7/Win8 Pro or higher versions of the operating system, can do a good job of locking up files and folders on your Windows system.

Collapse -
Many are good, but use your own encryption
by hank080225 / February 8, 2013 8:41 AM PST

Many of the online cloud storage services are good. Look at their terms of service and privacy policy. Remember that any service can have a bug, and any service can be hacked. If you use your own encryption before you send your files to the cloud, you will have an additional layer of security. Some (all?) cloud storage services allow you to give people read-only access so you can designate one person to control the info and still let everyone look at it.

Email is insecure if you leave it on the cloud, and email can be intercepted. You can get a certificate and encrypt your email, but the cloud storage may be more convenient.

I use Dropbox and Boxcryptor. One advantage of this combination is that I can access the data from my Windows PC, Android phone and iPad even though its encrypted. Another advantage is that Dropbox keeps backup copies so I can recover information that I inadvertently change or delete.

Collapse -
TrueCrypt with Dropbox
by capoderra / February 8, 2013 10:51 AM PST

I use TrueCrypt to create a container and then I put sensitive files in that container. When the container is closed or "unmounted" it becomes encrypted. You can use TrueCrypt to mount the container and thus decrypt the files. All your family members would have to know the password. You can share the container anyway you wish. I like Dropbox because it uploads any changes made inside the container automatically when you unmount. I like TrueCrypt because its free and can be installed on any operating system.

Collapse -
Truecrypt is brilliant - even with usb sticks
by AndyT88 / February 8, 2013 6:54 PM PST
In reply to: TrueCrypt with Dropbox

Fully agree with truecrypt recommendation. Many similar encrypted virtual disk type offerings, but truecrypt stands out as open source freeware (so no hidden backdoors), and has an auto demount option to close the plaintext virtual disk after x minutes of non use. This is important as whilst the virtual disk of decrypted information is mounted (ie open and readable) spyware or other people with access to your pc can read it. Before using this option in truecrypt I had occasionally been called away from my pc and thinking I would be back soon not shut down & demounted the plaintext virtual disk, thus comprimising my security. Now my setting is 5min of non use (ie read or write) and it closes.

Collapse -
by bmcl23 / February 15, 2013 3:17 PM PST
In reply to: TrueCrypt with Dropbox

A group, 5 of us successfully have used Dropbox to share an everchanging MS Access personel database with 54 info columns and 10,000+ individual records for the past 4 years. That file is about 16mb, kept in its own folder. We also have a number of other folders for other uses. It is simple, quick, self-updating for everyone and the best thing, for the first 2GB, it's free. Prior to Dropbox, we used to send it as an email attachment - often rejected by the email server because of size, and before N1 routers, took forever to download!

We found it takes a firm agreement on use with multiple users. Only one of us CHANGES the info. The rest never open the file in the Dropbox, just right click copy/paste the file to a folder or desktop for use. If changes are needed, send the info to the "editor", or co-ordinate with him/her a time for you to make the change, so they do not open it while you work on it.

I can assure you, without that understanding, the Dropbox can quickly become unuseable - loaded with "conflicted copy" files. None show who did what!! Only "when"!!

Most of our group are not into social media - Twitter, Facebook, etc. Heavy email/internet use only. Most of us are Octogenerians. (80+)

So endth the lesson!

Collapse -
The Public Cloud
by Hforman / February 8, 2013 2:22 PM PST

As I've said MANY times, you need to read the Terms of Service (TOS) for any public provider of cloud services before you use them for private data or governance (where federal, state or local law prohibits you from providing data (except your own) to anyone else such as medical data (HIPAA/HITECH), criminal data (CJIS) or credit card data (FACT Act). Also, read the FAQs and help. Most will tell you, for example, that everything you post is scanned or read by them (Google, Dropbox, etc.) including by employees overseas.

You sound concerned about the security of your Mom's information and you should be. Now is not the time to provide her credit card, banking information, address, SSN to someone who can easily use this information (even in a foreign country) to open accounts and transfer funds.

One suggestion that someone else made is good. If you are going to use one of these sites, find a way to encrypt the data yourself before you give it to one of these places. Just because they offer their own encryption, most of their employees carry the keys to decrypt your data. So do your own encrypting.

Email, by the way, is NOT safe either but it is better than using a site that tells you that they read your stuff and can do anything they want with it and take no responsibility for it (all in the TOS).

Learn simple encryption. Use PGP or the free version, GPG. You create a set of keys and just give family members the secret key (and the public key as well). There are others that may be easier to use but Cloud storage for the type of data you are talking about is not secure based on my research on the websites of the providers.


Collapse -
Some email isn't any safer than cloud storage
by hank080225 / February 16, 2013 4:55 AM PST
In reply to: The Public Cloud

Gmail and possibility other email services read your email. So some email is no better than free cloud storage.

Collapse -
Cloud terms and conditions review
by csrcsrcsr / February 20, 2013 8:40 PM PST
In reply to: The Public Cloud

Within the web page for Cnet on "The Public Cloud" issue are adverts for Just Cloud - a supposedly free service to backup on an unlimited basis all files from your comuters and across all devices. Sounds good, and little slider boxes on the Just Cloud web site clickabel from the Cnet webpage describe a few of User favourable comments ..., BUT

As warned in the post on The Public Cloud, it is vital that consideration is given to their terms and conditions which give absolutely no guarantees at all as to the safe access to your files backed up. More importantly, if any user takes up the suggestions they then make of adding limited one off extras to the service they propose what started as free becomes expensive with Just Cloud able to terminate in all sorts of circumstances having got your money

An important issue is that this service states it keeps all its (your) data on just one of its servers and can choose to change the conditions on which you may have subscribed at any time (you only being told if you accessed their website to discover the updated terms - they reserve the right to change the terms at any time AND if you subscribe to any of the extra services BEWARE you are also giving Just Cloud unlimited ability to rebill you at the end of any subscription period without communicating that fact to you on screen (it only appears in their detailed terms)

It becomes apparent that the service is from a United States company and is governed by such law but the actual data may be stored at their discretion anywhere in the world (and probably will be in due course) AND it appears any files backed up are encrypted BY THEIR software on YOUR machine and then submitted to their server and ONLY THEY have the ability to decrypt your files - so if there is any argument and need to get a file back it has to be under their decrytpion terms and ONLY if they feel able to do so (no guarantees there either).

If you do not like any of this but have data stored by them they limit your rights to dispute under the US law to arbitration but you have to pay fees of any arbritrator on a half and half basis (little you v big them!) - limited if you are a consumer (non business) to $1000

So ... can you trust these sort of services to
a) store your data securely (they have the decryption keys and right to ready your data)
b) always backup your data as you expect (they will not be liable if they have not got round to doing the backup at their end due to delays, downtime, or overload etc)
c) enable you to get your data back at all times
d) know that you will not be charged for ever once you have taken a subscription
e) know that the already harsh terms and conditions (including their reservation to withdraw the service at any time without notice to you) will not change to be made even harsher without reference to you
f) reimburse you on their changing their terms of conditions during any period of subscription without YOU having to discover that fact on your own by "periodic visits" to their website

On the above basis I would steer VERY clear of any reliance on such a service which actually guarantees nothing except that they take your money if you subscribe to anything and will continue to do so unless you cancel the means by which they can automatically debit your bank account or credit card!!!

In all probability many other such sites have similar terms - BEWARE - all is not as it seems!! Users and potential customers BE WARNED - PRINT OUT and READ their terms and conditions before parting with a penny!!!

Collapse -
by hallidaydj / April 4, 2013 5:41 AM PDT
In reply to: The Public Cloud

I use Dropbox. Before putting files on Dropbox I use 7-Zip with the AES-256 encryption on the files. What do you think about the "safety" of that method?

Collapse -
NSA approved.
by R. Proffitt Forum moderator / April 4, 2013 5:56 AM PDT
In reply to: Dropbox

If you had used PGP which is not NSA approved I would have been happy about this.

Collapse -
by Hforman / February 8, 2013 2:24 PM PST

Did they actually say they were HIPAA-certified? That would be unusual but great if it is true.

Collapse -
Cloud, not for me thanks
by robinnewton / February 8, 2013 4:59 PM PST

Lets think, the cloud will be secure. No logical reason to consider it will be secure. Anytime you park your information whether it be photos, files, personal documents on someone else's server system, there is a fair chance that it can and will be hacked. The proprietors of such server systems, or the cloud, are not likely to highlight their systems have been breached.
Lets think of some high profile hackings. Linkedin, Facebook, The Pentagon, and I could go on and on.
The best way of managing your personal information, is to have a pc or laptop at home, on your home network. This excludes physical hacking. It will need to have good, strong passwords. Then create a vpn, that family members can log into to access the files. A vpn is reasonably straightforward to create, but if you have problems, get in touch with any decent IT store, or consultant, and for a reasonable fee, a vpn will sort you issues. Make sure that when it is set up, you change the password immediately, to prevent access from a nosy IT store representative. Your particular information is really handy for those wishing to hijack identities.
Leave the pc or laptop running, connected to the internet, 24/7 until such time the ubiquitous access is no longer needed. Make sure you allow access only to the folder and files that are relevant to your matters
The Cloud....not for me.


Collapse -
Depends on the definition of "Secure"
by Flatworm / February 8, 2013 10:35 PM PST

I cannot speak to which is the most secure provider of cloud services. I do not consider any of them sufficiently secure for my data.

HOWEVER, if your worry is to preserve the data, they are definitely more secure than keeping the data on a hard drive on your PC without a backup.

But I consider them insecure because of three things:

1. The simple fact that they are accessible over the Internet renders them inherently insecure. There are all kinds of ways that account names and passwords can fall into the wrong hands. This is particularly true in cases, like yours, in which multiple people have access.

2. Although the data may be encrypted, it is settled law that data on a server belongs to the owner of that server, to do with whatever he, she or it wishes.

3. What happens to your data, and access to that data, if the provider goes bankrupt, changes hands, or unilaterally changes your terms of service?

Maybe I am being a Luddite here, or perhaps just paranoid, but this "cloud" stuff is not for me. I am sorry I could not respond to your question in a more intelligent and knowledgeable way, but neither could I respond knowledgeably about how it feels to hit bottom when jumping off a cliff. It is an experiment that I will forgo, thank you very much.

Note: This post was edited by its original author to fix typo on 02/15/2013 at 3:04 PM PT

Collapse -
Jeez, I really need more sleep!
by Flatworm / February 8, 2013 10:37 PM PST

I consider them INSECURE because of THREE thing! Anybody know where I can get a good proofreader for free?

Collapse -
(NT) I got your back Flatworm :-) Fixed it for ya. Cheers!
by Lee Koo (ADMIN) CNET staff/forum admin / February 15, 2013 7:04 AM PST
Collapse -
I wouldn't....
by Mandroid75BB / February 8, 2013 10:49 PM PST ANY Media Storage facility that you would be entrusting such personal and important information to, hell, I don't even keep sensitive data on my Laptop. If a system can be created,a system can be hacked no matter HOW many Firewalls are in place or levels of multiple key encoding.

If multiple people need to have sensitive data that can be accessed then why not copy it to a Flashdrive or SD Card and give each person their own? Flashdrives or USB sticks can be carried on keyrings and therefore if on your House/Car keys it is always at hand.

Me personally,I'd be more happy with this method than some "Floaty" facility, if your Data gets hacked,corrupted or lost - WHO do you go to? WHERE can you go physical location wise and complain?

Collapse -
Sorry Mandroid...
by l8rb / February 9, 2013 12:28 AM PST
In reply to: I wouldn't....

Not intending to steal your thunder...just didn't get to the bottom before writing ];-}

Mea Culpa.


Popular Forums
Computer Help 51,224 discussions
Computer Newbies 10,453 discussions
Laptops 20,090 discussions
Security 30,722 discussions
TVs & Home Theaters 20,937 discussions
Windows 10 1,295 discussions
Phones 16,252 discussions
Windows 7 7,684 discussions
Networking & Wireless 15,215 discussions


What do the color stripes mean on your tires?

Brian Cooley tells you why you might see various color lines on the wheels of your automobile.