Forecast Cloudy

Snoops, Thieves, and Idiots – The Weak Links in Cloud Storage

There’s only a single password standing between them and your most valuable files.
[photo via PerspecSys]

[photo via PerspecSys]

Cloud storage services like Drive, Dropbox, and OneDrive are a growing part of American business. But these services are like other password-protected accounts you have — for anyone storing something sensitive, they leave your storage as vulnerate to phishers and black hats as your Facebook or Twitter accounts.

Enter Viivo, an encryption program made by the same company that invented the ZIP file.

Third party encryption software like Viivo adds a layer of encryption between you and your cloud storage. Instead of dragging your file into your Dropbox folder, for example, you drag it into your Viivo folder, and the rest is taken care of.

The software acts like a tube between you and your cloud storage provider, so if someone logs right on to your Dropbox account without your encryption keys, all they get is jumbled nonsense.

“The file sync and share guys give you easy-to-share functionality,” Matt Little, Product Manager for Viivo, told Betabeat. “It’s so easy to share that people don’t give much concern to the security access.”

Privacy protection tools are gaining notoriety surrounding NSA sensationalism, but big government spying isn’t the only threat to everyday cloud services.

The team at Viivo breaks down the offending parties by three categories:

  • Snoops – Cloud storage facilities that comply with legal demands for information.

  • Thieves – Corporate competitors, opposing counsel, China.

  • Idiots – Big companies with massive infrastructure making big mistakes.

Dropbox and other cloud storage providers display open policies about government requests, and publish transparency reports outlining how they’re dealt with. But the fact remains that they get requests for their consumer’s data, and they often give it up.

“It’s their data once you put it in their service,” Mr. Little said, “They’ll hand it over if they feel it meets their terms. You don’t get to participate in that decision at all.

And if they subpoena your encryptor? The keys are still with the customer, so not even someone like Viivo can get to the unencrypted information once you’re using their tool.

A couple of the biggest names in the cloud storage game are possibly headed toward an IPO, and according to the Viivo team, this could defer blame for any backlash against these companies in the future. But the big guys are aware of the problems, and aren’t above recommending third party encryption services.

“Evernote has been particularly good about that,” Mr. Little said, “ and Dropbox has come out and said that there are third party encryption platforms. Use one of them.”

While services like Viivo are often free or low charge, it can be increasingly difficult to determine which are necessary, and which are profitable ways to exploit your paranoia — though we must admit, it can’t hurt to provide more than single-password protection.

Follow Jack Smith IV on Twitter or via RSS. jsmith@observer.com