Best Secure Cloud Site?

Can anyone recommend the best secure cloud website to store sensitive information?

 

Honestly, the cloud is for availability/reliability not security ... Putting sensitive information online where you have to trust another company's security and ethics seems like a bad move.

If you MUST use a cloud service consider heavily encrypting all of what you put on there.

 

There's not one that I know of.

Get an encrypted external hard drive and put it in a safe deposit box.

 

^what those guy said.

by practical definition, 'using the cloud' is the process of giving up security for convenience.

here's food for thought though, email is a cloud application if you wouldn't trust something to email, you shold trust it to storage either.

 

If you need the best security along with the availability and any other 'cloud' specific pro's we can think of:

Make your own 'private' cloud.

Still wouldn't be 100% safe though.

 

Maybe create a strong TrueCrypt file, store you stuff in that, and upload it to a popular cloud storage server (Dropbox, etc)? That's about the best way to go about that.

But as the above said, cloud != secure.

 

Cofee can snoop TrueCrypt files, if that's something that really concerns anyone. I think TrueCrypt also being open source doesn't help that any.

 

DECAF can be used to protect against this to some degree. Now we just need to wait for Microsoft and law enforcement to release CREAMER to counter this counter

DECAF - Wikipedia, the free encyclopedia

 

It's also an old, out-dated version and a new version of Cofee was released that defeats it. It's just an endless cat and mouse game like so many other things.

BUT. I've been out of the loop on these things for so long you should probably take what I say with a grain of salt.

 

..as long as you're not storing files on permanent backups in particular directories, and so on (as in, you shift files and don't leave them with semi-permanent links), then an ssl-encrypted imap box might be the most difficult thing to hack into and get any use out of.

But like said - online.. it's not secure. We're really only "safe" because of the mass of information and the difficulty of cataloging it or tying it to you personally. The actual data isn't.. very secure generally speaking.

 

Thanks for the input. I agree with the risk, but I asked, not for me, but for a small company (run by a friend) that insists on using cloud storage. I have tried to convince them it's a bad idea. My other inquiries elsewhere received same responses. But thought I'd get your input. Thanks.

 

If a 'cloud' had to be used? SkyDrive.

Period.

Not for better security though; just better than anything else out there. By far.

 

Wuala - Secure Cloud Storage - Backup. Sync. Share. Access Everywhere.

HTW, this one is supposedly the "go to" solution to your exact OP. generous, and it works... encrypt locally, store cloudily, decrypt locally - the way it should be.

 

LaCie huh? run...


Nah, 'Secure Cloud Storage' is a an ever present, in your face slogan: not a promise that anyone is able to keep.

 

right... you're stating the obvious: anything conceived by mortals is defeatable by mortals. trust no one. the MAN is watching... and that's utterly infamously true.
that said, to get to the OP's issue, the odds of forestalling the threat are better if encryption and decryption are "under your own nose" on your side of the divide. a 'secure' cloud stash that is, "on the blind" handling encryption "for you... Mr. customer" is higher risk. everything has its price

I think the beauty and utility of such is revealed with some contrary logic: I would put on such a site three main categories of stuff:
- my 'second tier' storage bin... things like old photos that I want to keep, but if they were impounded it wouldn't be a major catastrophe
- digital content that, perhaps for entertainment reasons, is valuable to me but not worth taking up the storage required... but if which were lost, I could either replicate or do without....
- Shared content. I want to share certain files with friends/family/associates so I put it out there in the cloud, securely, and direct the other party to it. I tend to think of these files as temporary - say a month or so life before I clear the way for other items

 

You might want to have your friends small company look into egnyte. While cloud storage isn't for the paranoid mindset, they don't have eulas that say data is theirs to snoop nor what you store like Google drive and sky does. Also egnyte offers ldap integration.

I am curious to check out wuala now. Again I agree with others. Cloud for security is laughable

Sent from my DROID BIONIC using Tapatalk 2

 

Maybe you can help them host a ftp server~~ Otherwise, skydrive or dropbox for easiness. Avoid google drive !

 

They just don't want to have to personally manage a server, maintenance, etc. I'm too busy to do such things these days. If I were out of work again (please, no, knock on wood) I would do it for a fee.

 

its a pain, period. how many of us have passwords and high risk files laying round on four or five hard drives - some lost in a tub somewhere.. I do work for others and I have seen one client in past three years or so who actually even addressed security at all, and only because she had previously worked at a high sec location in DC. kept important things only on a usb drive which stayed tucked away at all times. yes, dangerous... everything has a downside.

that all said, wuala on the web, and truecrypt local, is as much as anyone could hope for without getting into unnatural acts.

but the megaupload case [which it is unlikely the FED will ever succeed at] teaches a lot. its really in the interest of 'freedom' if people DO use cloud services - bigname ones like amazon, ms, goog - to store all sorts of questionable stuff thinly-disguised in archive cabs or simply alternative file extension. how many times have AT&T et al been indicted as 'co-conspirators' because illegal content was replicated all over the creation on their servers? Google already under scrutiny in some nation/states due to having stashed illegally personal info on common citizens. it is a good hedge to have millions of users stashing on the aforementioneds servers all sorts of data, if you follow the logic.

 

SpiderOak
https://spideroak.com/

It's the only secure cloud that encrypts your data.

 

added a GB of photos....3 days and several dead Skydrive process later...still syncing.

EDIT:

personally, I love skydrive*. however, calling it better than anything be far is a gross exaggeration. Dropbox beats it in every respect except for pricing.

*i stick to the microsoft stack whenever i can

 

Actually, it isn't, and the "questionable stuff" never really was shared the most in those channels.

But because that narrative has taken hold in Washington, any and all cloud and e-mail servers owned by the larger giants is possible for the government to get hold of outside any real legal process. Any amount of data will be pulled in indirectly or directly, and specially so if you store something at the "notorious places" that have been highlighted. Requests for IPs, as well as specifically for passwords and files, turn up frequently because of the DMCA. And most providers simply provide it.

Let me just put it like this. You're lucky if you will find an owner of a server or online service who deliberately will store passwords encrypted and without a private key counterpart that lets them access the files without you knowing it. They still exist, but they will have to respond to very sharp letters from law-enforcement about why they're not being available, or that their specific business depends on that trust between customer and provider, which is why these backdoor keys do not exist, and never will, etc. And it obviously doesn't end there if there's some "serious crime" suspected of being implicated, see..

No - save your stuff offline with "airgap" (usb stick in your pocket), and encrypt it with an open source pgp client (stay away from the commercial ones - they are not "safe"). If it really is important, make complicated keys, and make assumptions about how long it would take to break the key, then switch keys frequently. Don't store files signed with your private key online, of course, and just make sure files stored in public "expire" within a reasonable amount of time.

Do that, and you can essentially forget the "indirect" problem, as well as be able to have some confidence when communicating.

Even if - essentially - the most useful part of enforcing a schema like the above with your company or clients, etc, is that they suddenly are aware of that it's not a brilliant idea to post stuff from the internal network on facebook, and so on...

I mean, if you look at breaches they are in 99% of the cases some idiot employee sending private correspondence via yahoo or hotmail.

Oh, yeah, and it's always really funny to make confident people turn into paranoid wrecks. Love that part, I can't deny it.

 

Yeah, with consumer level internet access, it can be less than empowering, but with the right backbone it is not too much of an exaggeration, imo.

As usual; nothing exists in a vacuum - the whole system has to be taken into consideration to evaluate it in the proper context.

See:
Network Services

 

I've been using SpiderOak for a few years now. Files are encrypted on your local machine so nobody (not even Spideroak staff) can access them. Don't ever forget/lose your password as there is no way to reset it and recover your data...

One caveat is that the "cloud" functionality of Spideroak is not that great in comparison to services like Dropbox. I think that's the tradeoff you have to live with for security. I believe Spideroak does support Truecrypt, so it uploads changes and not the full container. But with Truecrypt you totally lose "cloud" functionality and are basically just using your cloud as an online backup for your truecrypt file.

If you want to use something like Skydrive, there are encryption solutions that are easier to use (IMHO) than Truecrypt since they encrypt individual files, not one big truecrypt container. An example of this is Boxcryptor - https://www.boxcryptor.com/.

 

um...it has nothing to do with my connection. if it did, then it should at least come close to matching Dropbox's speeds (not even close),

How do I make Skydrive transfer faster - Microsoft Community

EDIT: you're right, the whole system does need to be considered. unfortunately for consumers, the problem is on the Microsoft end atm.