The Limited Times

Now you can see non-English news...

External drives, the cloud and more: what is the safest way to save your files

2023-03-28T10:12:36.760Z


From encrypted storage to Google Drive, AWS, and Azure, they all have pros and cons. What do the experts say?


File security

is a problem that has grown over time: from the danger of having everything in the "cloud" to the possibility of an external drive being stolen, there is no definitive answer to the question

of

safest method.

But certain measures can be adopted so that being violated is much more complicated.

"There is nothing absolutely secure: there is something difficult enough

to make it pointless to invest resources

in breaking security," he summarizes in a dialogue with

Clarín

Esteban Mocskos, Professor of the Department of Exact Computing at the University of Buenos Aires.

Under this idea, one of the products that is already beginning to be commercialized in a massive way is a type of external hard drive that

can be encrypted with a key on the device itself

: that is, security integrated into the hardware (something that is also can be done with traditional disks, but by software).

On the other hand, hosting files on third parties such as Google Drive, Microsoft Azure or Amazon Web Services (AWS) has become the norm for many.

Here, the pros and cons of each system, how these

password-

enabled disks work , and the word of the experts on which option is the most viable for storing our work, photos, documents, and even financial assets.

Iron Key: Keyed Kingston pen drives and disks

Keypad 200, the most portable version.

Photo Maxi Failla

Kingston is one of the best-known brands in terms of storage units: pen drives, external drives, SD memories and more.

Since last year, it has been pushing two devices that are aimed at file security:

IronKey Vault Privacy 80 and Keypad 200.

"Traditionally, encrypted devices have always been relegated to a very specific niche in the business world:

banking, finance, medicine, the armed forces

, the military, the police, people who handle confidential information of national security or very large financial importance," explains José Luis Fernández. , Kingston Technology Manager for South America.

“However, online banking today has a preponderance that it did not a few years ago, today people invest in the stock market, manage their banks from the Internet, buy cryptocurrencies from digital.

Today people have the potential to have many digital assets that are directly money or are worth money, a lot of information is handled from bank passwords, sites, that have to do with privacy, personal security and that of your family”, he adds.

Although the first difference seems to be storage (the pen we tested is 32 GB, the external 480 GB), they also have different encryption methods: “The pen drive encryption algorithm is quite standard (and established, old),

AES -XTS

is fine if the disk is small, since in part the probability of a successful attack increases with the number of blocks of information that are encrypted”, explains Mocskos, also an independent researcher at the Conicet Computational Simulation Center.

The case of the external drive is more complex: “It uses the same algorithm from behind, but its manufacturing process is based on more solid techniques.

The EAL+

certification

that Kingston applies is based on an audit of the production and design process, as well as on different tests that are carried out on the product”, he develops.

“I imagine part of what they're trying to do in this other product is make it difficult for them to access the encrypted content directly,” he argues.

The disk modifies the order of the numbers on the keyboard each time it is turned on.

Photo Maxi Failla

Now, what is the difference between this type of disk and encrypting a file by software, that is, putting a password on a common pen drive?

"An encrypted file system on a common flash drive is based on the idea that decryption runs on your PC or notebook, and you

could download all the encrypted information from your flash drive

without any problem and try it to see if you're lucky," he says. the expert.

"The difference with a pendrive or external disk with hardware encryption support is that it passes the encryption-decryption of your PC to a processor that is added to the pendrive, then the interaction between the pendrive and the PC is expected to occur only if you

put the key that authorizes it

: in principle, you could not access the encrypted information without that key”, clarifies the teacher, thus achieving one more security step.

Hardware encrypted disks can be hacked, however, under what is known as "tampering": "You can think of cutting the disk and soldering 'things' to it to be able to modify it and make it easier to access the information," Mocskos explains. .

“From what the manufacturer specifies, it is tested and designed to make tampering more difficult, because of these techniques used to be EAL5+ certified, the manufacturer has to pass certain tests that specifically put this to the test.

This is also what makes the product design process significantly more expensive (and that is why it is much more expensive)": depending on its capacity, it starts at

95,000 pesos.

A clarification that must be made, yes: these disks are not impervious to

malware (viruses)

: they have methods that encrypt to protect access by third parties.

If the pen drive gets infected, the files and the computer where it is plugged in will surely get infected.

The cloud: what the big players say

Microsoft is one of the big providers of cloud computing.

AFP photo

The other option is to use third-party computing services, that is, what is known as "the cloud" in reference to the fact that the files are uploaded to a foreign server.

Something that, deep down, is quite far from the vapor and the ethereal: they are computers from giant companies like

Google, Microsoft and Amazon.

Now, what happens when we upload a file, for example, to Google Drive?

“In Drive, when a user uploads a file, it is stored securely in data centers.

And these are encrypted both in transit and at rest, that is, the data is safe on the "path" that they must take between the device, Google services and the data center, and then, when stored," he explained. Google Argentina to this medium.

The enterprise attack surface is huge: the more users a service has, the more risk there is.

According to the company itself, in Gmail every day "more than 99.9% of spam, phishing

and

malware and almost

15 billion unwanted messages

" are automatically blocked.

Another online computing service that dominates the market is

Microsoft Azure

, which has one of the most used programs in the world:

Office

.

The fact that it is one of the applications with the most users comes with a potential problem similar to that of Google, which is that it has a huge attack surface (more users, more potential victims).

Santiago Cavanna, Chief Information Security Officer (CISO) of Microsoft Argentina, explains: "With

Microsoft Defender

you can protect your data and devices to protect against malware, receive security notifications in real time and

provide security suggestions

, which help to maintain our data and devices much more secure when we are online”.

“For illustrative purposes only, and so that we fully understand what we are up against, Microsoft security tools detect

1.5 million attempts to compromise their systems every day.

At Microsoft, we not only fend off these attacks, we learn from them: our analytics incorporate an incredible amount of attack intelligence and insights,” he adds.

Microsoft 365

 protects data, gives you the flexibility to work where and how you want, and gives you new ways to collaborate with others.

Microsoft 365 offers advanced protection against viruses and cybercrime, through tools that keep information safe and private, as well as providing ways to recover files that have suffered attacks ”, he concludes.

Servers, servers and data centers, cloud computing.

Photo Pexels

Finally, a huge player in cloud computing is AWS.

“The AWS Cloud was built with the goal of meeting the security requirements of

the military, banks around the world,

and highly sensitive organizations, it has more than

300 security tools

and complies with 98 security standards and certifications,” account Américo de Paula, Leader of Solutions Architects of the Commercial Sector for Latin America.

“This infrastructure is what allows us to attack one of the big problems that society currently faces, which is data hijacking (or ransomware), and thus protect the millions of users who have trusted our cloud for more than 16 years. ", addition.

Although the three representatives agree that the cloud is one of the most secure systems today to host files, services and processes, there are two issues to take into account.

On the one hand, the three agree on user education and the importance of being vigilant: never share personal data with anyone, always have a second authentication factor, log out when using someone else's computer, and create secure passwords (or, better yet, still, use a key manager).

In other words: 

user behavior

is key.

On the other hand, outside of the cloud model, it is always key to have information backups according to the well-known rule 3,2,1 of backup: even though all these rules are ensured and are based on solid numbers, having the information available Backup is the responsibility of the user.

conclusions

Disks, cloud and hybrid model.

Photo Maxi Failla

A hybrid

cloud/physical disk

model is probably one of the best options for protecting files—both have their pros and cons.

The cloud is comfortable and the main players do not hesitate to say that it is secure.

But there are nuances.

“As the people at Google say, files are encrypted for transmission and storage, but not for processing.

So there is always a time when that data is available

without encryption

.

Examples of cloud data leaks are many.

Some because of hacking, others because they use some device to deceive users: Cambridge Analytica is an example of '

pseudo-authorized'

data theft ,” warns Mocskos.

“In short,

there is no absolute notion of security

, everything depends on the value of the information to be saved.

The phrase 'you can be calm that your information will not be accessed by anyone if your disk is stolen', well, it all depends on the investment that the person who steals your disk wants to make and who you want to protect yourself from”, he reflects.

“An encrypted drive is safe, but it is as long as you have information on it that isn't worth enough.

If they steal it from you, over time, its security could eventually be broken ”, he adds.

He graphs it with an example: “

If you are 007

and you have the list of double agents infiltrated in the KGB, I don't know if I would be so calm.

If you have photos of a party that you don't want your partner to be able to easily access, you can rest easy”, he closes.

Thus, purchasing a hardware-encrypted external drive is an option that provides both

convenience and security

to most average users for the type of information they want to protect (although this still comes at a very high price).

And, as you can see,

it is not 100% secure

, but because there is no such thing as regards the protection of information: everything, without exception, can fail.

SL

look also

How to shield yourself against cyberattacks: from the "digital condom" to FIDO keys and encrypted disks

RAM memory on the computer: how many GB is needed beyond marketing?

Source: clarin

All tech articles on 2023-03-28

You may like

Trends 24h

Latest

© Communities 2019 - Privacy

The information on this site is from external sources that are not under our control.
The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.