Cybersecurity is a serious concern for both businesses and individuals. A growing number of global cyber threats, data breaches, and cybercrimes in recent years have made it to the news headlines. It is estimated that cybercrimes will cost $6 trillion a year by 2021.
Yahoo has been a victim of one of the biggest data breaches in history. Well over 3 billion user accounts were hacked by Russian hackers in 2013. Yahoo approached the FBI in 2014 and publicly informed its users to change their passwords in late 2016.
Canva data breach is one of the most recent ones where hackers stole the password of more than 4 million Canva users. The attack was identified by Canva in May 2019. The encrypted passwords of the users were made available on the internet leading to several issues for Canva users.
Cloud storage companies that store all types of user data on their servers have had some serious data breaches. Data Deposit Box is a cloud storage company based in Canada. It faced a serious data breach in December 2019 that exposed the personal details and data of its users. More than 270K private files were exposed that leaked users’ email addresses, encrypted passwords, admin login credentials, and IP addresses.
The data breach faced by Dropbox in 2012 is another example of how your data is at risk even with cloud storage companies. The email addresses and passwords of 68 million Databox users were hacked and were available for sale in the darknet. It was over 5 GB of data that was breached and made publicly available.
Data security is one of the biggest challenges today. An increasing number of individuals and businesses store their data on the cloud. Nearly 49% of organizations have stored more than half of their data on public cloud storage companies:
According to Flexera, 93% of enterprises have a multi-cloud strategy and they use a mix of public and private cloud storage for storing and sharing files. But cybersecurity has been a major concern for cloud users. As much as 82% of cloud users have faced a security event and 33% said that detecting and reacting to security threats and incidents in the cloud is the biggest cybersecurity challenge they have experienced or are experiencing:
Realistically, cloud usage is a must today. There are heaps of data that needs to be stored online for instant access from multiple locations and across devices. Cloud storage is the need of the time and it will only increase.
Not using a potentially useful service due to cyberthreats isn’t a solution. You need to figure out how you can save your data on the cloud from cyber threats.
One of the most overlooked, yet critical, security variables is the data center location of the cloud storage company. It is linked to data security, the company’s privacy policy, and cost. Let’s see how the location of the data center of the cloud company helps you fight cyber threats.
Data Security
The location of the data center where your data is stored by the company has a huge impact on its security. Data in transit can be intercepted by hackers even if it is encrypted. The closer the data center is to your location, the better.
Why?
Because it will reduce the transit time of your data which means the time it takes to send and retrieve data from the data center will be minimized significantly.
Data transfer on the internet isn’t linear. When you upload and save a file in the cloud, the data is transmitted via the internet and it passes through several networks, routers, and switches. And this is where data can be intercepted easily as opposed to when it is at rest.
Selecting a local data center preferably in your country is an ideal way to minimize data breaches.
Local Data Protection Laws
Data protection laws vary from country to country and the place where the data center is located must follow local data protection laws. The data centers in the EU are governed by the General Data Protection Regulation (GDPR) that impose strict data security and privacy rules on companies operating in the EU.
Similarly, storage companies in the US and other parts of the world must stick with the local data protection laws to ensure data and privacy safety of the users.
A cloud company having a data center located in the EU is more focused on privacy concerns (thanks to GDPR) and must maintain privacy as a rule of thumb. If you’re looking for EU privacy and security standards, we highly recommend trying pCloud that has a data center in the EU as well as the US, and it allows its customers to choose where they want data to be stored.
Source: pCloud Europe
pCloud takes your data security a step further with its client-side encryption making your data encrypted in transit and at rest. Importantly, the decryption key stays with the user and is never saved in the server or shared with anyone else. With Zero Knowledge protocol and Swiss data protection laws, nobody but the user has access to the encrypted data and nobody knows what data you have stored in the cloud.
Cost and Connectivity
An added benefit of choosing a local data center is reduced cost. When data is stored in a local data server, the cloud company needs fewer resources and infrastructure for operation (e.g. short fiber optic, fewer switches and networks, etc.).
The cloud company saves money with local data centers and while it might not cost end-users less, it will spend money to improve security, network, and infrastructure.
Another additional benefit of the local data center is uninterrupted connectivity which relies heavily on proximity. Data can quickly move in and out of the data center leading to improved bandwidth and connectivity.
The data center location of the cloud company plays an essential role in data security, privacy, and cyber threats. If you are in the EU and concerned about your data security, try a company with a data center in the EU. If you are in the US, try a company having a data center in the US irrespective of the Patriot Act. The impact of proximity outweighs it anyway.
Brian Wang is a Futurist Thought Leader and a popular Science blogger with 1 million readers per month. His blog Nextbigfuture.com is ranked #1 Science News Blog. It covers many disruptive technology and trends including Space, Robotics, Artificial Intelligence, Medicine, Anti-aging Biotechnology, and Nanotechnology.
Known for identifying cutting edge technologies, he is currently a Co-Founder of a startup and fundraiser for high potential early-stage companies. He is the Head of Research for Allocations for deep technology investments and an Angel Investor at Space Angels.
A frequent speaker at corporations, he has been a TEDx speaker, a Singularity University speaker and guest at numerous interviews for radio and podcasts. He is open to public speaking and advising engagements.
Nope. When they uncovered one of several sites acting as a command-and-control server for the attackers it was registered to "Steve Rogers" and "Tony Stark." Those two guys have some explaining to do.
If you're talking about the OPM data breach, the way I heard it at the time, it was actually worse than that. They'd hired programmers to remotely manage the database, and given them appropriate logins and security credentials.
Those programmers were working out of China…
That account of events has been buried pretty deep by now. But that's what was being said at the time.
Certainly you do not keep more than a tiny fraction on machines connected to the web, regardless of safeguards. That's how Uncle Sam managed to give all of my security clearance paperwork, every detail of my life, to the Chinese, neatly packaged as a gift along with that of millions of others.
The idiots left it sitting on a machine connected to the web for over two years. It shouldn't have been there for more than a few days, at most, regardless of whatever other precautions they should have been taking.
I had access to highly classified material for around three decades, as a member of the military, and later as a private contractor, and I kept every secret they ever gave me, yet they could not keep even one of mine that I had to give them.
It's not just cyberattacks that we have to worry about. A corona mass ejection almost caused a massive electromagnetic pulse in 2012 that could have destroyed most electronic data and communication on Earth, possibly downing nuclear power plants or even starting WWIII. See more in this video: https://www.youtube.com/watch?v=hESunUuFrzk
including how CMEs have happened regularly many times in the past. The difference today is that almost everything is digital – including all banking records, health records, and just about every piece of information, and almost none of it is adequately protected against an EMP from a CME.
Is this an advertorial for pCloud?
My employer backs up off-site. Off-site on site; They have more than one site, and each of them backs up the others.
But the drives are all in our physical posession.
many insurance companies frown mightily upon businesses that do not back-up off-site.
ahh.. so biometric data entry only – say a finger-print dongle that is portable and can be used instead of any keyword (or other memorized) password input — seems like it would be cheap since the tech is so widely available on phones, etc. The only way to short-circuit stupid staff is to not allow them the opportunity to stupid-it-up.
That mostly solves a problem that doesn't happen too often.
Why would most hackers go to the enormous trouble of intercepting your communication and trying to decrypt it when they can just phone or send you an email saying "This is Max in IT, what's your password?".
"..Data in transit can be intercepted by hackers…"
Yes, it can. It's also extremely difficult, that's why this form of hack is probably as common as voter fraud.
Your company data isn't safe in the cloud because your employees are lazy and stupid, not because of interception and bad encryption.
sorry but whatever happened to the 'golden chalice' of quantum cryptography?
Not to worry. The replaced it with something much better…. didn't they?
Expect anything you do online, however briefly, to be tracked and available to third parties. I'm not saying it always is, but it can be and there is no way to tell when your data has been persisted by the end web site or any intervening service providers, surf accordingly.
Sounds an awful lot like, "You can keep your health insurance, if you like it."
Bottom line: The most effective way to secure data on the Cloud is to not put it on the Cloud. There is no data center closer than your own facility.