Friday, June 25, 2010

Computing in the cloud and securing my private data

Since my computers are all connected to the Internet and there are many benefits in having my 'public' computing activities hosted or stored on public (free) computers, I have been assessing whether I can keep some of my personal or 'sensitive' files in the 'cloud'. I have concluded that none of my sensitive data should ever be put in the 'cloud'. The main reason for this is that, once these bits and bytes have been sent through my ISP's servers, they are in effect 'public' or at any rate potentially so. Essentially, I have lost control of where or to whom they are sent. I have always considered my email, blogs, webs and so on as essentially open to all, or at the very least to external organizations that demand these files from ISPs and 'cloud' resource managers. That way, I hope that I have not put myself in a situation where these files could cause me problems. I am very polite in these public venues.

The items that should not be 'visible' to the outside world are my password lists, private diary entries and thoughts, my photos and personal documents, including scanned copies of my passport and my bank and credit card details. My personal address database is also private and needs to be protected. I store these files as 'invisible' items for local use only inside encrypted volumes on the local hard disks of my personal computers. These files are synchronized to each other by using batch files to send them over the local network and with a portable hard drive, which is also encrypted. There are other layers of encryption. My private documents and databases can only be opened in their applications with a password. I use TrueCrypt as the tool to make encrypted virtual local drives within the hard drives of my computers and I 'hide' my private files within them. I try to ensure that these files have never been sent across my ISP's networks, or into the 'cloud'. I do not mount these virtual drives except when I need them and I do not leave them 'open' when I am surfing or using the Internet. If I had really sensitive (military-equivalent) data, I would keep it on a notebook computer which never accessed any network and which did not have any USB ports. Backing up hidden files to an on-line resource is clearly not a good idea, so I have to be responsible for making safe copies myself. I do not allow any access to my computers from other computers outside my local network, although I recognize that this does not prevent others from maliciously entering my network and computers through crafted web pages, Trojans or key loggers. I just have to be alert and compute as safely as I can.

But the 'cloud' has many virtues. One is the excellent feature of many of Google's on-line resources that are often linked to each other: I can write a blog in my Gmail account or in a Google Doc and publish it on my blog directly from either of these applications, as well as editing the blog directly in Blogger. I hope that other cloud resources will work as well as these, so that I need only one portal for many of the on-line files that I generate and use. Perhaps this will be a feature of Google's OS?

I conclude that I have to compute in a schizophrenic manner, with two sets of rules, one for public and one for sensitive data. I have to decide which type of data is in each file before I create it.

I believe that a local encrypted virtual drive should be available to every user, to contain sensitive data in hidden files. Add that strong recommendation to my earlier one: that every computer should have two hard drives, one of which is removable and which is used to clone the system drive and to replace it when it dies, a fate (like taxes) that all are subject to. Plan ahead!

Christopher Spry
Wimbledon, London
Updated 15:37, 29 June 2010