Personal risk management in the cloud
Patrick Rhone wrote an excellent take on data security not that long ago. His recommended approach for eliminating all risk of data theft was simple:
Don’t have data.
Obviously, life in the 21st century is impossible without data, and it seems like every week there’s another reason to store more data on machines you’ll never see or control.
If a company has invited you to store your data with them, I think it is completely reasonable to expect them to keep your data secure. That’s their job. And if they don’t do their job, may the media have mercy on their soul.
But I think it is totally unreasonable to expect that your data will never be exposed at some point in your lifetime (and beyond). The numbers are way, way against you.
Avoiding “the cloud” isn’t the right answer. Protecting what you put there is.
For every file I store online, whether it’s mass storage or Dropbox, I think about the risks of those files being exposed. If it’s something I definitely don’t want someone else to get their hands on, I encrypt it.
I may not be able to control whether someone gets my data, but I can at least make life hard for them if they do.
There are three main ways I do it:
- Secure disk images
- Encrypted PDF using PDFpenPro
- Arq’s encrypted Amazon S3 backup