So cloud computing is all the rage. It has swooped in and lulled us en masse to upload ALL our digital stuff to it…up there…out there…somewhere barely on the fringes of our control. In what feels like no time at all we’ve abdicated physical containment of our precious information (the stuff we used to carry around in a box) for the convenience and ubiquity of this thing called “The Cloud.” This without barely a second thought as to the cloud’s security or the continued confidentiality of our information.
Now our email, novels, novel ideas, designs, blog drafts, documents, tax returns, financials, divorce papers, hate mail, love letters, spreadsheets, insurance papers, mortgage documents and that photo of me chewing on my chihuahua’s head are out there, somewhere, floating blithely along “on the cloud.”
Sounds a LOT like having unprotected sex. One of these days something unexpected is going to happen.
My problem (my paranoia?) is that EVERY time I post something “to the cloud” I feel like I’m feeding this great unknowable thing. It’s like this huge, big hungry monster lurking out there, waiting to devour us!
Way back in 1995 Nicholas Negroponte mentioned in his book “Being Digital” that “When things go digital, control is lost.”
Enter Cloud Computing, the bastion of CONTROL…LOST.
I’ll be the first to admit that the cloud is SUPER convenient. Seriously, Dropbox has altered my digital life in many positive ways. Simply not having to lug a jump drive or a computer around has been a treat. Not really worrying if my house burns down–destroying the novels i’m working on–has been liberating. Still, there has been this nagging voice in the back of my mind about The Cloud.
How secure is our data on the cloud? Companies like Dropbox have great language on their websites about how secure your data is. How they apply military-grade encryption to your files. Still, how secure is MY data is on THEIR servers? How can my data be totally secure if THEY can send me my password, if I forget it? What’s to stop an employee from rifling through my shit…your shit…others’ shit?
So I’ve determined that a company’s comments about security just isn’t good enough for me. I need, I want, I have to have, an added layer of protection for which I and I alone control the keys.
When you think about it digitally, Security and Convenience are not great partners. If they were on Dancing With the Stars they would have been voted off the first night. Shoes would have flown into the audience, moves would have flubbed, and most assuredly there would have been a wardrobe malfunction, or two. There is simply too much tension between security and convenience. Think of taking an Arthur Miller class with your X wife (or husband).
In reality if you want something super convenient, then that thing runs a good chance of being easy to crack, infect, reach, steal or spoof. Convenience is inherently insecure. (I mean that as data insecure not Psycho-Cybernetics insecure). Likewise if you want something super secure, then you will have to face a gauntlet of time-zapping hurdles just to interact with the information. The key to being secure AND convenient is balancing one with the other. Too much on one side and you’re miserable.
I’m not satisfied that being secure “on the cloud” is the domain of the super geeky. I’m also not satisfied that I can’t reach a level of confidence about my most precious data on the cloud without having to thread a needle with a camel.
So here is the simplest way I’ve found to add an additional layer of control to your files on Dropbox (or on the cloud in general):
First here is a quick NON-TECHNICAL overview of what we’re going to do:
1. Create an encrypted folder, let’s call it a “Vault” on your LOCAL COMPUTER using a piece of FREE software
2. Place the files you want to protect into the Vault
3. Upload your Vault onto Dropbox
4. Sanitize Dropbox so that none of your protect files are available “in the clear”
Here is the “technical” side of how we accomplish this:
Download and install TrueCrypt. This is a free, open source program that works on all platforms. Follow their GREAT and EASY instructions on how to create your first encrypted volume, aka Vault. (I’m just going to call this thing the Vault until Apple tells me I can’t.). If you don’t trust TrueCrypt, then take a gander at what security guru Steve Gibson says about it.
One thing that screwed me up when I first tried this was pre-determining the fixed size of the Vault. If you’re only going to secure 10MB of stuff and you set the volume…cough…I mean Vault size to 5MB, then you won’t be able to fit everything in your Vault. Likewise, if you set the Vault size to 1GB and you only use 10KB, then your volume will STILL take up 1GB of your Dropbox. Do a little planning. Build out your Vault to the size you need plus leave some extra room for growth. You know the old chestnut: Measure twice. Cut once.
NOTE: When the system asks you for a password don’t be a pansy. Come up with a password that’s impossible to break. DO NOT USE THE SAME PASSWORD YOU USE FOR EVERYTHING ELSE!!!
Once you’ve created the Vault on your computer and UNMOUNTED it from TrueCrypt, then you can throw that file up onto Dropbox. Here was a point of confusion for me. When you talk about a file to me I think of a single file. When TrueCrypt disconnects from your Vault, the Vault changes from a Volume or a Folder into a file. It’s a file, but it’s not really. So throw this file up onto your Drop.
Now, make sure you take a pass through your Dropbox so you can delete ALL of the files that you have protected in your Vault. Keep in mind if it’s not in the Vault, it’s NOT protected.
Two questions that came to my mind when I was first getting into this:
Can I open my Vault using my iOS device?
No. So the way around that is to allow the stuff you post to your Drop to reside in insecure space until you get a chance to scoop it into your Vault. So let’s say there is about a day’s worth of stuff that you haven’t secured. If there is a breach, then potentially you’ve only exposed about a day’s worth of work. Better than giving them the full monty, right?
How do I interact with my Vault once it’s on the Drop.
When you launch TrueCrypt you can then open this Vault directly from your Drop. When you’ve unlocked it, the Vault will appear on your desktop a Volume icon (Speaking from the Mac point of view). Click on this Volume and your files will be there ready for you. When you’re done, Unmount the drive, and it will pop back into Dropbox. All nice and tidy.
If you are collaborating with someone and using these protected Vaults, I read somewhere that you can cause real problems for yourself if you don’t UNMOUNT your drive when you’re done. I have not experimented with this yet. Let me know if you find anything on this front.
Ok, that should cover it. Go forth with renewed confidence and be sure to practice safe sex..er…cloud. haha that too.
For further reading:
April 17, 2011