In this post I will lay the groundwork by explaining the need to deploy a VPN, together with some considerations about the so-called cloud services and what trusting them with your data implies.
Data Transport Issues
We expect our data to be always available wherever we are. Most of the time the data is not physically on our device: it has to transit across a network connecting our device to the physical storage. We rarely think that the letter we are writing to the credit card company contains all the details that could be used to steal our identity or clone our card. We connect to our data storage service often without thinking about where our traffic is going, which networks are crossed, who administers them and whether there is a chance for someone to listen to our traffic. If the network is physically confined (wires, fiber optics, wave guides ...) an eavesdropper will have to tap the wire (i.e. realize a physical connection to it, if possible), while if you are using a wireless connection (and most of the time you are), listening in on (i.e. being connected to) your WiFi hotspot might be more than enough to intercept your traffic. Very often nowadays access to data across the network happens through SSL or TLS encryption, and this partially mitigates the risk above, but accessing web pages that require a username and password on a non-SSL/TLS server exposes precious credentials to packet snooping. This also applies to any unencrypted form filling (e.g. leaving feedback at the bottom of this or any other blog post asks you to fill in name and email, and these are sent in the clear across the Internet).
Data Storage Issues
Once the data has crossed the network and reached its destination it will be stored on someone else's servers. These remotely accessible storage solutions are now known as "cloud". In general terms any service allowing you to store data in a network-accessible storage service and share it between multiple devices goes under the generic name of cloud. Google, Apple, many telcos and enterprise service providers have all launched their cloud solutions.
In this scenario your data will be staying on a server under somebody else's administrative control, and it is crossing unsecured networks. Most cloud providers will guarantee you that the traffic will be encrypted both in transit and on their servers; sometimes they will also tell you there is no need to make your own backups and that the data is replicated in multiple data centers.
These claims are most of the time true, and the number of users eventually allows the service provider to offer good redundancy at cheap rates. The British Financial Services Authority has written a nice document about protecting customer data which has plenty of questions you might wish to ask your cloud provider (or search for in the terms and conditions). A few teaser examples:
- Are the premises physically secured?
- Do employees have access to my data?
- Is my data encrypted?
- Are backups encrypted?
- Are there any offsite locations for the backups (think disaster: flood, fire, hurricane; there is no use in having multiple copies of your data destroyed at the same time ...)?
- But above all: what are the provisions in my Service Level Agreement (SLA)?
- Do I lose any rights (copyright, the right to extract a copy at any time, the right to a fair advance warning if you decide to shut down the service, so that I can retrieve my data)?
Sometimes, after getting satisfactory responses, you will find out that getting a proper SLA is way more expensive than a small SOHO can budget for. In all of this you would at best be giving the network administrator of the cloud service access to your data. You can of course store encrypted data, with some loss of functionality.
If you are interested in the matter, I would recommend a very balanced post by Christina DesMarais titled Can You Trust the Cloud with Your Personal Data?. I disagree about considering your personal backups unnecessary, but it is only a statement by the interviewed guest.
Also, compromise of data (the release of otherwise private information to undesired recipients) does happen when using cloud/remote storage: read about Twitter's release of internal docs.
Data access issues
Let's now say you have a service that encrypts all data (stored and in transit), there is no third-party access, and you have gained all the necessary SLA guarantees, but you choose your son's first name as the password for your account (bob) and your own first name as the username. Do you really think your data will stay safe for long? You need to use the best lock you can afford to secure access to your data.
The use of good passwords is critical. Google is buying whole pages in mainstream newspapers to advertise its Good to Know effort and show the importance of good network security. But even selecting a very good password does not protect you from replay attacks. More details on the need for stronger authentication are here.
I hope I have planted a seed of doubt about the soundness of sharing our personal data, or of granting someone else access to it in exchange for the right to store it on their servers. Encrypting data in transit is a must, and the need to set a proper password cannot be overstated, since compromise of a username/password would give somebody the tools to impersonate you on-line.
In these posts I will show how these issues are addressed in my setup:
- Network attached storage accessible from the Internet and hosted at home
- IPsec and SSL VPN terminated on my home router
- Two-factor authentication using one-time passwords
All of the above without breaking the bank, so the architecture is affordable both for a home deployment and for a small office deployment.