Cloud backups are like giving your house keys to your neighbor; Except that your neighbor then gives it to his neighbors, but doesn't tell you which ones. Licensed from Stock Exchange.

This is the sixth post in a series about data breaches you can prevent. We’ve covered Phones and Personal Computing Devices , Your Browser, Your Inbox, Your Thumb and External Drives, and Your Old Computer. Next we’ll discuss Your Cloud Backup.

Online cloud computing gives individuals and small businesses access to Fortune 500 computing services, for dirt cheap or free. Consumers have the choice of hundreds of cloud backup and file sharing programs.


A cloud backup is much like giving a copy of your house key to your neighbor. By choosing a trusted neighbor, you can be sure that your house key won’t fall into the wrong hands, and you will be able to use it you ever lock yourself out. You will also be able to change your lock if your neighbor’s house is robbed, or retrieve the key if your neighbor’s house is foreclosed.

If a cloud provider is like your neighbor and your personal information is like your house key, cloud backups go one step further. Each time you give your key to the neighbor (that is, back up a file in the cloud), your neighbor then makes several copies of your key and gives it to several other neighbors he trusts. While this means your key will probably never be lost, you have no way to know who exactly has your key, and retrieving all of the keys may be impossible.

Online cloud computing is still in its infancy, and the legal status of cloud backups can get rather, shall we say… “cloudy.”
You must recognize that once the information leaves your computer, you have very little control over where it goes, who owns it, and how many copies are made, or in which countries the files are stored. You may even forfeit your right to permanently delete a file once you put it online, in the “cloud.”

This issue recently came into focus after what has been called the first documented Cloud Data Breach. A bug in Microsoft’s cloud systems exposed confidential information and caused PC World to lament, “You’d better get used to this kind of thing because we’ll be seeing a lot more of it in the future. All any of us can do is pray we’re not a victim.”

Be sure to scan any files you backup online for sensitive information. If you choose to use a cloud backup service, always encrypt personal information, trade secrets, confidential data from third parties, and other sensitive information before backing it up online. Encrypting this information will ensure that should a breach occur, the information will be unusable to an adversary.

I use a cloud backup service called Dropbox. I love it. I use the program to share non-sensitive pictures with my family who lives 2,000 miles away, and share corporate documents with co-workers.

However, if I really need to back up truly sensitive information, I always encrypt the files before I put them online. Before you do a wholesale backup of your entire “My Documents” folder, make absolutely sure that you either encrypt sensitive data, or exclude it from the online backup. That way if a Cloud breach happens, you can rest assured that you won’t be at increased risk.

About the Author Guest Blogger

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.