Patrick Rhone wrote an excellent take on data security not that long ago. His recommended approach for eliminating all risk of data theft was simple:
Don’t have data.
Obviously life in the 21st century is impossible without data, and it seems like every week, there’s another reason to store more data on machines you’ll never see or control.
If a company has invited you to store your data with them, I think it is completely reasonable to expect them to keep your data secure. That’s their job. And if they don’t do their job, may the media have mercy on their soul.
But I think it is totally unreasonable to expect that your data will never be exposed at some point in your lifetime (and beyond). The numbers are way, way against you.
Avoiding “the cloud” isn’t the right answer. Protecting what you put there is.
For every file I store online, whether it’s mass storage or Dropbox, I think about the risks of those files being exposed. If it’s something I definitely don’t want someone else to get their hands on, I encrypt it.
I may not be able to control whether someone gets my data, but I can at least make life hard for them if they do.
There are three main ways I do it:
- Secure disk images
- Encrypted PDF using PDFpenPro
- Arq’s encrypted Amazon S3 backup
{ 1 comment… read it below or add one }
It’s funny that I actually threw that quote in my Evernote, because I liked it.
I disagree with the part where you say a life without data is impossible in the 21st century; I know people who do now and 50 years ago everyone did.
However I fully agree with you that sooner or later (more likely later) someone will be able to crack your stuff, no matter how you encrypt it. Please allow me to quote Patrick full:
> If you want your data to be **100%** secure, here’s the solution:
> Don’t have data.