the cloud

Security Suggestions – The Cloud and Your Data

Russell W. Gilmore, CISSP, CISM, EnCE Computer Forensics, Electronic Data Recovery, Intellectual Property


cloud with binary codeI am often asked to discuss IT and data security as it relates to storing data on the Cloud. Nine out of ten times I am asked two inevitable questions: “What is the Cloud?” and “Where is the Cloud?”. Hopefully I will answer these questions as I discuss ways to keep your data secure on the Cloud.

There are a number of services that allow you to store data on their servers. Examples of these for an individual or a small business are Dropbox, Sharefile, Google Mail, iCloud, Google Drive, Office 365, and many more. These services quite often automatically connect to you through  your smartphone, iPhone, laptop and/or your desktop computer once you initially login. Think about using your phone – you don’t have to type in a password to get your Gmail each time. As long as you can access the email app on your phone, you’re in. This is because you have instructed the app to trust your smartphone as a conduit to get your Gmail. This goes for almost any mail account you access from your device.

Go one step further and consider that you may have an account with Dropbox, Office 365, or Sharefile. The same concept applies – you have instructed the app to trust your smartphone as a conduit. To make matters worse, if you have these accounts available on your laptop or desktop they too are accessible without typing in a password once you have initially logged in. This is most often the case because we have instructed the app to remember our password.

Now that we understand – to just a small degree – what the Cloud is as it relates to most users and what as individuals we may have on the Cloud, let’s discuss how to keep it secure. First, don’t store sensitive information in the Cloud. I am not talking about using the online version of TurboTax, for example. I am referring to storing birth certificates, passports, and other scanned documents with sensitive information. There is nothing wrong with a safe deposit box for items like these.

Don’t use the same password for every account and change passwords regularly. I believe that password security is such an important issue I could write an entire topic on it. By using the same password for email, banking, computer login, online purchases, social media sites, and other activities, you jeopardize the security of all of your accounts if just one gets hacked. Hackers are smart enough to know that if your password to “website.com” is 12345678 and your user name to “website.com” is user@gmail.com, they will try and login to the Gmail account with the password they have uncovered. You should choose a random password and change it at least every 90 days if not sooner.

Consider reading the terms of service or user agreements to find out how the service works. This is very important if you intend to take advantage of a free 30-day trial. It is possible you will not have access to the data after 30 days without paying for the service. Think about encrypting your data or utilizing a service that includes encryption with data storage.

These are just a few suggestions for securing your data on the Cloud, and this is only a starting point.
I am not suggesting that no one should use the Cloud for storing data. For the most part, everyone who uses a computer, smartphone, or tablet is using the Cloud already. The Cloud can be an efficient way to centralize and share data with authorized users. I am suggesting you use it wisely, securely, and with the knowledge that you have done everything possible to protect the data you put on the Cloud.


Plan. Protect. Prosper.

Protus3 specializes in security system design, security consulting, corporate investigations and other investigative services. Partner with Protus3 and we will examine each situation to identify threats and develop solutions for your best outcome.

919-834-8584 or 800-775-8584