5 practical steps to keep your data secure in the cloud

Summary: Despite the increasing prevalence of cloud services, many of us remain naive about the necessary steps we should take to keep our online assets secure. These five simple guidelines will go a long way towards helping you keep online threats at bay.


Apple's announcement of iCloud today is yet more evidence of the unstoppable migration of data and assets to the cloud. Despite the shocking recent breaches of security at a variety of organizations, including the multiple breaches that have afflicted millions of Sony customers, more and more of us are entrusting personal or business assets to the cloud. This is an irreversible trend. It's not going to stop.

Yet many of us remain naive about the necessary steps we should take to keep our online assets secure. I'm not talking about excessively geeky ways to preserve your online safety. Just following these five simple guidelines will go a long way towards helping the average man or woman at work and play to keep online threats at bay.

1. Don't take security for granted

There are two routes to your online assets. One is through the cloud provider's infrastructure, and as the headlines constantly remind us, even household names don't always do everything they should to keep your secrets safe. But the second route is even more potent, and it's much closer to home. The easiest and most prevalent route for an intruder to access your online records is through your login details. Of course you need your provider to be secure, but don't let that make you careless about your own login details.

2. Use strong, memorable passwords

The trouble with making up strong passwords is that they're not memorable. The trick is to start with something memorable and then turn it into a strong password — which means mixing numbers, letters, lower and upper case, maybe a few symbols as well. What do you already know from memory that jumbles up all these different types of characters? Start with addresses, car license numbers, telephone numbers, dates of birth. But don't use your own — use those of people you know: friends, employers, parents, partners, previous addresses; or old addresses of your own and cars you sold a decade ago. Use anything that can't be linked to your online persona, but always jumble it up — half a zipcode, a name with part of a birthdate, segments of an address. Then add in a dash, an exclamation mark or an @ sign to spice it up some more.

3. Guard the crown jewels of your inbox

Of course you're going to reuse passwords, especially for sites where you're not storing crucial data like your credit card numbers, date and place of birth, address or social security number. But there's one site where you should always use a unique password, and the strongest possible one — your email inbox. That is because this is the one place where all your other logins redirect to when you reset a password. This one location is the passport to all your other online assets.

Although it's a hassle to do so, you should consider double-protecting your inbox with two-factor authentication, which means you have to enter a secondary code (for example a code sent by SMS to your mobile phone) to get access. This is especially important if you have a habit of visiting malicious websites, you never remember to keep your anti-malware software up to date, or you have a track record of failing to recognize phishing emails.
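The checks from steps 2 and 3 can be run mechanically against a candidate password. The following Python sketch is an added example, not part of the original article; the function name `audit`, the 4-character match window and all sample data are assumptions made for illustration.

```python
import re

# Character classes the article asks a password to mix.
CLASSES = {
    "lower": r"[a-z]",
    "upper": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}
WINDOW = 4  # assumption: a 4-character run of an own detail counts as a match


def _flat(text):
    """Lower-case and drop separators so '1984-03-07' also matches '19840307'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit(password, own_details, other_passwords=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    missing = [name for name, rx in CLASSES.items() if not re.search(rx, password)]
    if missing:
        findings.append("missing " + ", ".join(missing))
    flat_pw = _flat(password)
    for detail in own_details:
        d = _flat(detail)
        # Every WINDOW-length run of the detail; empty if the detail is shorter.
        runs = {d[i:i + WINDOW] for i in range(len(d) - WINDOW + 1)}
        if any(run in flat_pw for run in runs):
            findings.append("built from own detail: " + detail)
    if password in other_passwords:
        findings.append("reused on another site")
    return findings


# Constructed sample data, not taken from the article.
OWN = ["Jordan Avery", "1984-03-07", "90210"]   # facts tied to the account owner
OTHER_SITES = ["Jordan1984!"]                    # passwords already in use elsewhere

if __name__ == "__main__":
    for candidate in ("Jordan1984!", "marg-elm47", "Marg!606-Elm47"):
        print(candidate, "->", audit(candidate, OWN, OTHER_SITES) or "ok")
```

The third candidate passes because it is assembled from fragments of someone else's details (part of a name, half a zipcode, a street segment) and appears nowhere else, which is what an inbox password needs.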

4. Don't leave the password recovery back door ajar

Very often, people take all kinds of precautions to protect their login information but make it really easy to reset their password through the password recovery mechanism. If your user ID is totally easy to guess (it's often your email) then don't use something obvious or easy to discover for your password reset, such as your date or place of birth, mother or wife's maiden name or some other readily sourced personal information. That's as lame as leaving your doorkey under the front doormat.

5. Have an alternate to fall back on

Security is all about risk mitigation, and however careful your planning, you can't eliminate all risk. So give yourself a fallback. Don't put all your cash in one online account, have a separate emergency email address, make sure you've got a 3G card or local Starbucks you can resort to if your main Internet connection goes down. Knowing that you've got a second option if the worst happens helps you keep a cool head in an emergency, which gives you a better chance of surviving a crisis.


Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

  • you forgot something....

    The files themselves can be encrypted. For example, using the (free) program "Truecrypt", you can generate containers with various strength encryption settings. Although you can't (presumably?) open them inside the shiny cloud environment, they can be downloaded and locally decrypted. If you have a keylogger, you are SOL anyway but if someone swipes your file from the cloud without the keys, it's pretty hard to crack.
    • Don't give in to keyloggers ...

      For the paranoid, the simple keylogger is easily defeated by the mouse-controlled cursor used in conjunction with the delete key and copy, cut and paste key combinations.
  • Wrong!

    "This is an irreversible trend. It's not going to stop."
    You are not correct. This is a trend that has not started - not for me. Nor will it. I don't care about the security issues. I care about being able to access my data.

    You advocates claim that all one needs is a "web browser and an Internet connection". There's the rub. I have three browsers but seldom have a satisfactory connection. Indeed, when I travel around Europe it can be difficult to find a connection at all.
    No clouds on my horizon then.
    • RE: 5 practical steps to keep your data secure in the cloud

      +1, this is a non-starter for 99% of the things I do... None of the companies I work with have any plans to move anything to the "cloud" either....

      It has uses, however anyone that thinks it's the one tool to solve all problems is an idiot.
  • RE: 5 practical steps to keep your data secure in the cloud

    Same old promise as thin client computing. Good for some things, lousy for others. Keeping my music collection in the cloud (with a good backup at home) makes sense. Storing my tax documents in the cloud... not so much.
  • RE: 5 practical steps to keep your data secure in the cloud

    Next time you wake up, you will be in the cloud whether you want it or not. Credit and debit cards and the whole banking system is the money cloud - and you are already using it. The data cloud won't be any different - its convenience, value and security will soon so vastly supersede local storage that you will have little choice but to use it. Maybe wake up now rather than later?
    Alex Gerulaitis
  • "This is an irreversible trend. It's not going to stop." !?! Not so quick!

    The trend will come to a screeching halt the first time that there is an extended power outage, or an ISP goes down for a long while, or the cloudy service provider goes down for an extended period.

    If people begin to trust and feel secure with their data online, and a service such as iCloud is suddenly not accessible for millions of people, then people will have learned a big lesson and Apple and other cloud service providers, will suffer big consequences in their stock prices and in their sales of gadgets which depend so much on cloud service.
    • It's irreversible alright

      @adornoe@... so after Amazon cloud went down for three entire days in April and Sony Playstation network shut down for four weeks due to hacking, where is this screeching halt to cloud services that you speak of? We have seen multiple instances of cloud providers going down and yet still the surge of cloud adoption proves unstoppable.
      • Do you understand the meaning of

        Extended: Relatively long in duration.

        A few minutes or even a few hours, is not extended (although to some people, a few minutes is a lifetime).

        If you depend upon service where your data is kept, and you are solely dependent on that data to get anything of value accomplished, then even a few hours will have a major impact on your "computing" or access. Now, extend that to a day's outage or even a week, which can happen after storms or tornadoes or hurricanes, and you are going to be furious and demanding that the cloud service provider give you back your data so that you can go elsewhere or so that you can access it locally at your desk or computer.

        Look, there will always be cloud services, but hopefully, not for critical data and applications.

        So, the keywords end up being "extended" and "critical", and for some services, extended and critical don't apply. I could go without iTunes or without a book reading service or without eMail for a week, but, for access to personal data and for data that is pertinent and needed for a business, a few hours can have very detrimental effects to a business or to an individual.
  • RE: 5 practical steps to keep your data secure in the cloud

    At least 90% of the stuff I do (development and engineering) is just not gonna happen in the cloud. No flipping way am I gonna let our industry secrets up in some magical ether where who knows can access it without anyone else knowing.

    Using web-based mail and other cloud services are a different matter to all this. Many more services will migrate to the cloud I'm sure, but there will always be, for me at least, the majority of my work stuff local-only. It can't and won't be any other way.

    Horses for courses.
  • RE: 5 practical steps to keep your data secure in the cloud

    Better steps:

    1. Don't put important, valuable, and/or confidential information outside of your direct control (e.g. "in the cloud"). It will unavoidably be deleted/lost/unavailable/hacked/modified/copied.
    2. See step 1.
    3. See step 2.
    4. See step 3.
    5. See step 4.

    When the inevitable happens to the sheep, my business will remain secure and running, and my customers will thank me.

    Am I the only one bothered knowing there's actually a sort of person out there who would even consider using a "cloud" for anything? They're actually TELLING you in the name that it's murky and mysterious and risky.
  • My two steps for secure data in the clouds

    1) Buy a pocket drive with integrated encryption (preferably an SSD based one).
    2) Don't put anything you need to rely on or don't want someone seeing on the internet.

    There. Problems solved.
  • RE: 5 practical steps to keep your data secure in the cloud

    Not the cloud. It is so unsafe. It stores your files overseas and in parts unknown. They cannot tell you where your files are. You think it is safe? What a joke. Hackers are talking about it right now on the world of the web. Microsoft and Sony want you to think it is safe. What a lie.