These days, storing information on a cloud is a necessity for SMBs in order to operate more efficiently in an increasingly digital landscape. However, that makes all of the data extremely valuable and susceptible to misuse, which is where the importance of privacy comes into play.
Privacy is often a term companies use to pile up on various assurances and exceptions to provide their users with a piece of mind. But the reality of what data gets collected and how it’s used is different than what many cloud solutions practice. Specifically, SMBs must pay attention to these three privacy issues when choosing the right solution:
1. No zero-knowledge encryption
Zero-knowledge is arguably THE way to keep sensitive company files and folders private as it removes the possibility of someone other than a user having access to it. This is achieved by encoding information client-side (before they are uploaded online) which, unlike server-side encryption, can only be accessed by an authorized user with proper credentials (a secret key or password).
This means that the cloud storage service knows nothing about the data you store on their servers. If prompted to hand it over and its credentials, they can’t because they have zero knowledge of it, including the service’s admins. The same goes in case the service is hacked (which happens from time to time, unfortunately) – only the user has the decryption key, for everyone else it’s useless.
In a world where more than half of cyber attack victims are small businesses, unauthorized access is a major concern. Do note that zero-knowledge encryption doesn’t make a service secure by default. There are many other things that constitute cloud security but strictly looking from the client side, this is a huge plus and a must-have feature.
2. Third-party access and control
For instance, Dropbox, one of the most popular services, actually states in their Terms of Service that the users give the company permission to scan through their files. Not only that but “this permission extends to our affiliates and trusted third parties we work with”
In case you were wondering, Dropbox doesn’t have zero-knowledge encryption. They are not the only ones with such unfavorable and often vague policies.
If you’re a business owner using such cloud storage solution, you need to understand that there can be serious consequences. Luckily, there are providers like pCloud that take their privacy seriously without showing your information to anyone else and encrypting it at the source.
3. Location and local privacy laws
In light of shoddy privacy policies, the location of the cloud storage provider matters greatly. Once again, as an example of a globally used service, Dropbox’s storage servers are located across the U.S. – a country that’s anything but privacy-oriented with its laws. From blocking some files due to the DMCA (Digital Millennium Copyright Act) by looking at the content when sharing it to working with NSA’s (National Security Agency) PRISM project, Dropbox and other US-based services are under heavy legal scrutiny to provide information when requested.
On the other hand, countries like Switzerland guarantee the constitutional right to privacy and uphold several pro-privacy laws to protect your data. In a nutshell, virtually nothing can be done without the express consent of the user, while disclosure of private data to third parties is considered a data protection breach and is subject to fines. Hence, choosing a cloud storage provider that is based in Switzerland or any other privacy-minded country is a smart choice.
For a small or medium business owner who is aiming to adopt or maybe transition to cloud storage, its cost-effectiveness, scalability, and flexibility will be highly beneficial. However, in order to fully leverage this great value, it’s imperative to understand the true definition of privacy.
Cloud storage services have different ways of managing it, with some popular choices falling well short of the norm. The best way to ensure your data is secure and away from prying eyes is to invest in a solution that effectively solves three major privacy issues outlined above. In short, you want a service that shows it respects its users’ privacy and grants access to the only authority that matters – you.