IT security at the University of Bern

Cloud security: Using cloud services securely

Saving photos, videos, and other data to the cloud is something we've been doing almost automatically for a long time already. But what about security? We can show you how to store your data in the cloud securely while protecting your privacy.

Why is it called the cloud, and how does this service work?

The term "cloud" is used in IT diagrams to represent how systems such as desktop computers, servers, and smartphones exchange data via a network.

Using a cloud service means using an internet-enabled device (smartphone, tablet, computer, or even TV) to store data on an internet server so that you can access it again online from anywhere in the world.

Five simple tips to increase security

Using cloud storage for your data is practical: it's easy to use, and all of your data is available at any time and from anywhere. But is the data you upload to the cloud secure? It's not possible to guarantee this with 100% certainty. However, by following these tips, you can increase the security of your data.

Ensure that your access to the cloud is particularly well protected. Not having a password or only having a weak password makes things easy for data thieves. After gaining access to the cloud, they'll be able to access all your data, assuming that it hasn't been additionally encrypted. That's why it's important to use strong passwords and have a separate secure password for every account. Most cloud providers also offer two-factor authentication, which you should use.

The cloud is accessed via an internet-enabled device such as a computer, laptop, tablet, or smartphone. If a device is infected by malware, cloud services may also be attacked under certain circumstances. Therefore, make sure you set up your devices so that you can use them securely. This means installing all updates, protecting your data, installing antivirus protection, and using caution when clicking on links and attachments in emails and when downloading files from websites.

It's particularly important to protect your smartphone. If it's possible to access the data on your smartphone via an app, it's also possible to access the cloud with just a click. This is very practical, but also means there's potential for malware loaded on the smartphone to get into the cloud. Also, if your smartphone is lost or stolen, your cloud data is only as secure as your smartphone itself.

To ensure that sensitive data like bank statements, tax documents, and medical records is saved to the cloud securely, it should ideally be encrypted before it is uploaded. Here are two examples of encryption tools:

  • CryptSync is a small utility that synchronizes two folders while encrypting the contents in one folder. That means one of the two folders has all files unencrypted (the files you work with) and the other folder has all the files encrypted. The synchronization works both ways: a change in one folder gets synchronized to the other folder. If a file is added or modified in the unencrypted folder, it gets encrypted. If a file is added or modified in the encrypted folder, it gets decrypted to the other folder.

  • Cryptomator is not quite as easy to use as Boxcryptor, but it is open-source and free. Unlike Boxcryptor, you must create containers after installation in which the data to be encrypted is stored. The containers, which can be mounted separately and as needed, appear as drives in the file explorer. If files are copied there, Cryptomator encrypts the data and uploads it to the cloud storage.
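What "encrypt before uploading" looks like with two folders, as an added example that is not part of the original page and not the code of CryptSync or Cryptomator: a one-way pass that encrypts new or changed files from a working folder into the folder the cloud client syncs. It assumes OpenSSL 1.1.1 or later; the folder names and the passphrase file are hypothetical.

```shell
# Added example (not CryptSync's or Cryptomator's code): one-way "encrypt, then
# let the cloud client sync" pass. Assumes OpenSSL 1.1.1+; folder names and the
# passphrase file are hypothetical.
# Note: `openssl enc` with CBC gives confidentiality only; it does not detect
# tampering, which the dedicated tools above handle for you.

CIPHER_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

# encrypt_folder PLAIN_DIR ENC_DIR PASSFILE
# Writes ENC_DIR/<name>.enc for each regular file in PLAIN_DIR that is new or
# has changed since its encrypted copy was made. Prints the number encrypted.
encrypt_folder() (
    plain=$1 enc=$2 passfile=$3 count=0
    mkdir -p "$enc"
    for src in "$plain"/*; do
        [ -f "$src" ] || continue
        dst="$enc/$(basename "$src").enc"
        # Skip files whose encrypted copy is already up to date.
        if [ -e "$dst" ] && ! [ "$src" -nt "$dst" ]; then continue; fi
        # $CIPHER_OPTS is intentionally unquoted so it splits into options.
        openssl enc $CIPHER_OPTS -salt -pass "file:$passfile" \
            -in "$src" -out "$dst.tmp" || exit 1
        mv "$dst.tmp" "$dst"
        count=$((count + 1))
    done
    echo "$count"
)

# decrypt_file ENC_FILE OUT_FILE PASSFILE
decrypt_file() {
    openssl enc -d $CIPHER_OPTS -pass "file:$3" -in "$1" -out "$2"
}
```

Only the encrypted folder should sit inside the directory your cloud client synchronizes; the working folder and the passphrase file stay on the local device.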

There are also cloud providers that automatically save all documents in encrypted form. These providers are often considerably more expensive but are also particularly secure and user-friendly.

When choosing a cloud provider for private use, you have to consider whether you want to prioritize data protection and data security or reduce the security demands somewhat in favor of features and usability.

The big cloud providers like Dropbox or Google offer a lot of storage space and work very well with other apps. However, most of the time, the data is not located in the user's own country, which impacts data protection. In turn, local providers offer security and compliance with local privacy regulations but score lower on functionality, integration, and ease of use.

Tools like Boxcryptor and Cryptomator help to increase data security and are a good idea in any case. Whether these tools also fulfill special data protection requirements (e.g., in the case of particularly sensitive data in the professional environment) must be clarified on a situational basis.

The overview of 32 common providers published on trusted.de can help you select a cloud provider.

Access via public WLAN hotspots, for example, at the airport or in restaurants and hotels, involves risks. In these networks, attackers with the appropriate know-how and equipment could, for example, intercept the username and password for the cloud. This is especially critical if the communication between the cloud and your device is unencrypted. Fortunately, unencrypted communication of this kind occurs very rarely, if at all.

Nevertheless, you should be aware of the risk when using a public WLAN and, if in doubt, refrain from accessing your data in the cloud. In any case, using two-factor authentication to log in to the cloud provides additional protection.