What are the best practice for Encrypting Cloud Data?

Answer 1

We can always protect our data from unauthorized access if we just make some extra efforts. Here are a couple of practical tips to keep your cloud data as secure as it gets.
`

1. Back Up Data Locally

1. It is good practice to create electronic copies for any of your data so that you will still be able to access them even when the original is lost or has been corrupted. There are many cloud storage services available in the market today, which means you can set up some cloud accounts for backup purposes.
2. If you have data in the cloud, you should also manually backup your data in an external physical storage drive or device, like a hard disk or a thumb drive. This also allows you to access the information when you have poor or no Internet connection.

2. Avoid Storing Sensitive Information

1. My advice is to keep only those files which you need to access frequently and avoid putting up documents containing passwords for your various online accounts or personally identifiable information (PII) such as your credit card numbers, national identification number, home address, etc.
2. If you must include these information in your files, make sure to encrypt them before you upload.

3. Use Cloud Services That Encrypt Your Data

1. One of the easiest way to safeguard your privacy when using cloud storage services is to look for one that offers local encryption for your data. This provides an additional layer of security since decryption will be required before you can be granted access to the data.

4. Encrypt the Data Before Putting it on The Cloud

1. If you choose not to use a cloud service that will help you encrypt the data, you can use a third-party tool to perform the encryption. All you got to do is download a cloud-protection app which will allow you to apply passwords and generate secret key sequences to your files before you actually upload them to the cloud.
2. Even if you’re already opting for an encrypted cloud service, it wouldn’t hurt to go through a preliminary round of encryption for your files to get a little extra assurance.

5. Read the Small Print of the Cloud Service Provider

1. Besides storing your data, some cloud services allow you to share your photos and files with others. This definitely sounds appealing, but sometimes these services come with a catch. There might be some fine print that they don’t advertise but will stuff in their Terms of Service (TOS) to make it legitimate.

6. Use a Strong Password / Apply Two-Step Verification

1. As the first line of defence against malicious hackers out there, you had better be sure that your password can stand a hacking or cracking attempt. There are tons of tips on the Internet on what makes for a good password.

7. Be Wary of Your Online Behaviour

1. Sometimes, the security of your cloud data depends on what you do online, especially on public computers or connections. When using a public computer, do you opt to not save your password, and ensure that you logged out of your account after you are done? Saving your password and leaving it logged in exposes you to the risk of strangers accessing your data.

8. Protect Your System with Anti-Virus & Anti-Spy

1. You may be using a secure cloud service provider which you absolutely trust, but sometimes the weakest link happens to be the computer system you’re logging in from. Without proper protection for your system, you expose yourself to bugs and viruses that provide penetration points for hackers to access your account.
   `
   Source: Tips to Secure Your Cloud Data

Answer 2

You should encrypt data at rest and in motion. Encrypting “in motion” is already well known to you – the standards of HTTPS/SSL and IPSEC apply equally well in the data center and in the cloud.

Encrypting “at rest” means that the data must be encrypted when it resides on a disk, in a database, on a file system, in storage, and of course if it is backed up. In the real world, people have not always done this in data centers – often relying on physical security as a replacement. In the cloud, physical security is no alternative – you must encrypt sensitive data.

This actually means data must be encrypted constantly as it is being written, and decrypted only when it is going to be used (i.e. just before a specific calculation, and only in memory). Standards such as Advanced Encryption Standard (AES) are commonly used for data encryption at rest.