How to secure your files in cloud storage
This guide is no longer being maintained
The nature of the work carried out by environmental rights defenders requires travel to remote areas where extractive and ecological abuse is happening. This necessitates a means of accessing stored information; for example, to educate local communities on their rights and to inform them of the current developments concerning the issue that is being addressed.
ERDs therefore often need to carry around computers, and sometimes also backup external hard disks. This opens up the risk of losing information, should devices be stolen or confisticated. Many defenders have directly expressed a need for online solutions for storing their sensitive information in a way that they can access it safely and rapidly from any location where there is internet coverage.
Secure online storage is not only useful for storing information that is needed in the field, but can also be used as a more reliable alternative to portable media like external hard drives and memory sticks.
Often, you will find that you cannot rely on your external drives and flash disks. Other times, you may find yourself in the dilemma of not wanting to travel to risky locations with your external disks, but needing to access your stored files while you’re there. In such cases, you will need to have your files stored in a secure and remote location and still be able to access them whenever you need them. Secure loud storage is a viable alternative.
You should, however, be cautious in your choice of cloud service. There are many cloud services to choose from. Among the most commonly used in Africa are Google Drive and Dropbox. However, although both promise privacy of your files and give you control of who can view your files, it is advisable to take the security of your cloud usage a notch higher. We recommend two ways of making your cloud experience more secure:
- Securing your files when using popular cloud services
- Switching to a more secure cloud service
Securing your files when using popular cloud services
Generally, when using a cloud service, you should add a layer of security by:
- Creating and using strong passwords to log into the cloud service. Learn how to create strong passwords by reading How to create and maintain secure passwords section of Security in-a-box.
- Encrypting your sensitive files before uploading them onto the cloud servers. Find out how you can encrypt your files in the How to protect the sensitive files in your computer section of Security in-a-box.
- Storing copies of your files in more than one cloud service. For instance, you can store two copies of the same file in both Dropbox and Google Drive.
- Ensuring that only a few people you trust get access these files, and only when you need to share the files with them.
- Use secure connections when accessing your files on the cloud. The section on Securing your email in Security in-a-box has an explanation on how you can ensure that you are accessing web services using a secure connection. It also points you to tools that you can use to make accessing web services secure.
Human Rights Defender Testimonies
“I usualy back up my important information every two weeks. I store the backup in an external hard disk which I travel with whenever I go. This hard disk and computer can be taken or lost and I can lose all my information. I think we need a secure online backup system."
– Anonymous Transparency Activist, Tanzania
Switching to a secure cloud service
Nothing is ever 100% secure, but you increase your level of security much more if you use cloud services that are designed with security in mind. Most of the popular cloud services such as Dropbox and Google Drive are generally thought to be fraught with security and privacy problems.
There are, however, several free and more secure alternative cloud services out there. Tresorit and SpiderOak offer free, security-conscious services which are worth considering.
Tresorit: 5GB of storage free, although you can only store files not exceeding 500MB. Since the capacity is so small, the free service would be useful in keeping only the most sensitive of your information. The paid-for service is relatively affordable.
Tresorit security is threefold: Your files are encrypted on your computer (thus eliminating the need for you to encrypt your files manually) before being uploaded onto the cloud; the company does not have access to your files and cannot modify them; and the company does not know your password (the flip side of this is that if you forget your password you lose control of your files and you can never recover them).
The advantage of Tresorit over other popular cloud services is that you do not have to create a special sync folder for it, you just right-click any folder and “tresor it” to sync it.
To use Tresorit, you have to download the desktop application. Their support page has straightforward instructions to guide you on how to install and use Tresorit.
SpiderOak is free for the first 2GB of storage space but after that you have to pay for more storage. You can store anything from documents and photos to video and audio files.
With SpiderOak, everything is password-secured and only you (or those who have your password or who you share the folders or files with) can access them. Even the SpiderOak servers cannot read your files.
Their “zero-knowledge” policy means they know neither your password nor the content of your folders. In their own words, “In technical terms, ‘zero-knowledge’ means that the server has 'zero-knowledge' of your data. In non-technical terms it means that your data is 100% private and only readable to you. No plaintext data is stored on our servers, ensuring absolute confidentiality between you and your data.”
Caution: When using zero-knowledge cloud services, ensure that you can always remember your password since they cannot reset it even in times of emergency. If you cannot remember your password, you will completely lose access to your folders. You can use KeePassX to keep your passwords in one secure place.
You need a desktop application to be able to use SpiderOak. The SpiderOak website has a detailed User Manual that shows how to install and use SpiderOak.