External drives, the cloud, and more: what’s the safest way to save your files

Share This Post

- Advertisement -

THE safety of files is a problem that has grown over time: from the danger of having everything in the “cloud” to the possibility of an external drive being stolen, there is no definitive answer to the question of the most efficient method. But you can take some steps so that getting hacked is much more complicated.

- Advertisement -

“Nothing is absolutely certain: there is something quite difficult to do so that the investment of resources is meaningless in breaking security,” he sums up in dialogue with clarion Esteban Mocskos, Professor of the Exact Calculus Department of the University of Buenos Aires.

Under this idea, one of the products that is already starting to be marketed massively is a type of external hard drive that can be encrypted with a key on the device itself: that is, security integrated into the hardware (which can also be done with traditional disks, but via software).

- Advertisement -

On the other hand, hosting files on third parties like Google Drive, Microsoft Azure or Amazon Web Services (AWS) has become the norm for many.

Here, pros and cons of each system, how these disks work password and the word of the experts on which is the most viable option for storing our work, photos, documents and even financial assets.

Iron Key: Kingston pen drives and disks with key

Keypad 200, the most portable version.  Photo Maxi Failla

Keypad 200, the most portable version. Photo Maxi Failla

Kingston is one of the best-known brands in terms of storage drives: pen drives, external drives, SD memories and more. Since last year, it has pushed hard two devices aiming at file security: IronKey Vault Privacy 80 and Keyboard 200.

“Traditionally, encrypted devices have always been relegated to a very specific niche in the business world: banks, finance, drugs, the militarymilitary, police, people who manage confidential information of national security or of great financial importance,” explains José Luis Fernández, Kingston’s Technology Manager for South America.

“However, online banking today has a preponderance that it didn’t have a few years ago, today people invest in the stock market, manage their banks from the Internet, buy cryptocurrencies from digital. Today people have the potential to have a lot of digital assets that are directly money or are worth money, a lot of information is managed by bank passwords, sites, having to do with privacy, personal safety and that of your family ”, adds he .

While the first difference seems to be storage space (the pen drive we tested is 32GB, the external one is 480GB), they also have different encryption methods: “The pen drive’s encryption algorithm is fairly standard (and well-established , old), AES-XTS it’s okay if the disk is small, because in part the probability of a successful attack increases with the number of encrypted information blocks,” explains Mocskos, also an independent researcher at the Conicet Computational Simulation Center.

The case of the external unit is more complex: “It uses the same algorithm from behind, but its production process is based on more solid techniques. The certification EAL+ that Kingston applies is based on an audit of the manufacturing and design process, as well as several tests that are carried out on the product,” he develops.

“I guess part of what they’re trying to do in this other product is make it difficult for them to access encrypted content directly,” he says.

The disc changes the order of the numbers on the keyboard each time it is turned on.  Photo Maxi Failla

The disc changes the order of the numbers on the keyboard each time it is turned on. Photo Maxi Failla

Now, what is the difference between this type of disk and encrypting a file using software, i.e. entering a password on a common pen drive?

“An encrypted file system on a common flash drive is based on the idea that the decryption is done on your PC or notebook and you can download all encrypted information from your flash drive no problem and try it to see if you’re lucky,” says the expert.

“The difference with a pendrive or an external disk with hardware encryption support is that it passes the encryption-decryption of your PC to a processor that is added to the pendrive, so the interaction between the pendrive and the PC is expected only if you put the key that authorizes it: in principle, encrypted information could not be accessed without that key”, clarifies the teacher, thus obtaining a further step in security.

Hardware encrypted disks can be hacked, however, in what’s known as “tampering”: “You can think of cutting up the disk and soldering ‘stuff’ on it so you can modify it and make information easier to access,” Mocskos explains. .

“As the manufacturer specifies, it is tested and designed to make it more difficult to tamper with, because these techniques were EAL5+ certified before, the manufacturer has to pass some tests that specifically challenge it. This is also what makes the product design process significantly more expensive (and because of that much more expensive): depending on your capability, start in 95 thousand pesos.

A clarification that must be made, yes: these discs are not waterproof malware (viruses): Have methods that encrypt to protect access by third parties. If your pen drive gets infected then your files and the computer it is connected to will definitely get infected.

The cloud: what the big names say

Microsoft is one of the big cloud computing providers.  photo by AFP

Microsoft is one of the big cloud computing providers. photo by AFP

The other option is to use third-party computer services, i.e. what is known as “the cloud” in reference to the fact that the files are uploaded to an external server. Something that, after all, is quite far from vaporous and ethereal: they are computers from giant companies like Google, Microsoft and Amazon.

Now, what happens when we upload a file to, say, Google Drive?

“In Drive, when a user uploads a file, it’s securely stored in data centers. And these are encrypted both in transit and at rest, meaning the data is safe in the “path” it has to take between the device, Google services and the data center, and then, when it’s stored,” he explained. Google Argentina a this medium.

The enterprise attack surface is huge: the more users a service has, the greater the risk. According to the company itself, Gmail automatically blocks “over 99.9% of spam, the phishing and malware and almost 15 billion spam messages”.

Another online computer service that dominates the market is blue microsoftwhich has one of the most used programs in the world: office. The fact that it is one of the applications with the highest number of users brings about a potential problem similar to Google’s, which is that it has a huge attack surface (the more users, the more potential victims).

Santiago Cavanna, Chief Information Security Officer (CISO) of Microsoft Argentina, explains: “Con Microsoft defender Data and devices can be secured to protect against malware, receive real-time security notifications, and provide safety advicewhich help keep our data and devices much safer when we’re online.”

“For illustrative purposes only and so that we fully understand what we are up against, Microsoft security tools detect daily 1.5 million attempts to compromise their systems. At Microsoft, we not only reject these attacks, we learn from them – our analysis incorporates an incredible amount of counter-attack intelligence and intelligence,” he adds.

Microsoft 365 protects your data, gives you the flexibility to work where and how you want, and gives you new ways to collaborate with others. Microsoft 365 offers advanced protection against viruses and cybercrime, through tools that keep information safe and private, as well as providing ways to recover files that have been attacked,” he concludes.

Servers, servers and data centers, cloud computing.  Photo Pexels

Servers, servers and data centers, cloud computing. Photo Pexels

Finally, a big player in cloud computing is AWS.

“The AWS cloud was developed with the goal of meeting the security requirements of military entities, banks all over the world and highly sensitive organizations, has more than 300 security tools and complies with 98 safety standards and certifications,” says Américo de Paula, Leader of Solutions Architects of the commercial sector for Latin America.

“This infrastructure is what allows us to attack one of the big problems facing society today, which is data hijacking (or ransomware), and thus protect the millions of users who have trusted our cloud for more than 16 years. “, addition.

While the three representatives agree that the cloud is one of the most secure ways to host files, services and processes today, there are two issues to consider.

On the one hand, the three agree on user education and the importance of being vigilant: never share personal data with anyone, always have a second factor of authentication, log off when using someone else’s computer, and create secure passwords ( or, better yet, use a key manager anyway). That means: user behavior is the key.

On the other hand, outside the cloud model, it is always essential to have information backups according to the well-known backup rule 3,2,1: even if all these rules are guaranteed and are based on solid numbers, having the information available The backup is the responsibility of the user.

conclusions

Disks, cloud and hybrid model.  Photo Maxi Failla

Disks, cloud and hybrid model. Photo Maxi Failla

probably a model hybrid between cloud and physical disk is one of the best options to protect your files: both have their pros and cons.

The cloud is convenient, and major players do not hesitate to say that it is secure. But there are nuances.

“As the people at Google say, files are encrypted for transmission and storage, but not for processing. So there’s always a time when that data is available. no encryption. Examples of data leaks in the cloud are many. Who for hacking, who because they use some gadget to deceive users: Cambridge Analytica is an example of data theft’pseudo authorized’”, warns Mocskos.

“In summary, there is no absolute notion of security, it all depends on the value of the information to be saved. The phrase ‘you can rest assured that your information won’t be accessible to anyone if your drive is stolen’, well, it all depends on the investment the person stealing your drive wants to make and who you want to protect yourself from,” he reflects.

“An encrypted drive is secure, but as long as you have information on it that’s not worth enough. If they steal it from you, over time, its security could eventually be broken,” he adds.

He illustrates this with an example: “if you are 007 and you have the list of double agents infiltrated in the KGB, I don’t know if I would be so calm. If you have photos from a party that you don’t want your partner to have easy access to, you can rest easy,” she closes.

Thus, buying a hardware encrypted external drive is an option that provides comfort and safety at the same time to most average users for the type of information they want to protect (although this still comes at a very high price).

And, as you can see, not 100% sure. but why is there no such thing in terms of safeguarding information – everything, bar none, can fail.

Source: Clarin

- Advertisement -

Related Posts