A cottage industry is growing up around virtual padlocks that consumers can place on cloud services so that the vendors themselves can't get to the information -— even if the government requests access.
And in recent years there have been a lot of those government requests for access from storage-as-a-service providers.
For example, Google regularly receives requests from governments and courts around the world to hand over user data. Last year, it received 21,389 government requests for information affecting 33,634 user accounts. Sixty-six percent of the time, Google said it provided at least some data in response.
During the same period, Microsoft received 70,665 requests affecting 122,015 accounts — more than three times as many requests for information disclosure as Google. Only 2.2% of those requests resulted in Microsoft turning over of actual content; 1,558 accounts were affected. Another 79.8% of the requests resulted in disclosure of subscriber or transactional information affecting 56,388 accounts.
Newly disclosed information, however, has added to public sensitivity around government intrusion.
Freedom of Information Act requests by the American Civil Liberties Union revealed last week that the U.S. government claims the right to read personal online data without warrants. "It is the case everywhere in the world that governments seem to believe that if data is recorded and available, they should be able to access it," said Jay Heiser, an analyst with research firm Gartner. "It's not unique to the U.S., although the United States brags about it to a unique degree."
New documents obtained by the ACLU from the FBI and U.S. attorneys' offices revealed startling realities around the government's email surveillance practices. Last month, the ACLU also obtained documents showing that the IRS does not always get a court order to read citizens' emails.
Locking the feds and thieves out
So should consumers add security to their cloud storage repositories to keep their data even more secure from prying providers and government snoops? Absolutely, says Heiser.
That's because many data breaches involve frustrated service provider employees who see treasure-troves of data as a way to make a quick buck. "There are repeated stories ... of rogue employees who collect data to sell to credit card fraudsters," Heiser said. "It is an issue with provider staff morale."
Apart from downloading freeware, such as TruCrypt, and encrypting every folder or file before it's uploaded to the cloud, new automated tools are emerging that handle the job of cloud storage security more seamlessly.
SafeNet, for example, just launched a beta of SafeMonk, which adds a secure encryption log-in to Dropbox. Essentially, the data you store in Dropbox can't even be accessed by Dropbox itself because users get to keep the encryption keys.
Sign up for CIO Asia eNewsletters.