Cloud or NAS – Where is Data More Secure?

By now, data has become a universal commodity, like a currency. They are accumulated, stored, hunted, traded, protected, and stolen.

As with money, data seems to be less risky in the hands of professionals who can take care of it, like banks. Not myself, but the cloud storage provider is better able to take care of the up-to-date software and hardware and the correct and safe setup.

But is everything so clear?

Choosing The Best Storage For Backups

Today, backups are most often stored on a local server. But this is fundamentally wrong: in the event of a failure of the server drive (and this probability is quite high, given that the server drive is always loaded), you will lose both data and backups.

Then the administrator comes to the conclusion that it’s time to buy a network-attached storage (NAS). In addition to the available storage for 2-4 hard drives, you will also need an HDD, whose usable capacity will be half as much since one drive must be used as a mirror for another. Otherwise, you will lose some of your backups if your hard drive fails.

Equipment for NAS must not only be bought but also maintained in the right way.

Or Maybe A Cloud?

And so you buy (or use NAS free software) the right amount of hard drives, and think that the solution you have chosen is a panacea for everything. And one not-so-good morning, you find out that … there was a fire in the office, or the office was flooded, and all your NAS, along with the hard drives installed in them, are no longer usable.

By the way, this does not have to be an external reason that destroys the data. Simple ignorance can have serious consequences. Whoever decides to install a NAS must know exactly what he is doing. At the very least, it should check if the network drive allows anonymous access. Consider the 190,000 open hard drives that a student could find and access with a simple scanner in 2015.

It turns out that by placing a backup storage system in the same room as your servers, you can lose both data and their backups.

The way out of the situation can be the purchase of storage in the cloud. Lots of advantages:

  • Your backups are no longer afraid of natural disasters since they are located geographically in another city. Even if none of the office computers survive, your data in the cloud will be safe and sound.
  • Backups from the cloud will be available at any time. At any time, you can increase or decrease the size of the cloud storage, and you do not need to pay the entire amount at once. You can buy a 1TB cloud and then upgrade to 2TB and back to 1TB again if you no longer need to store 1TB of data. In the case of 8 TB hard drives already purchased for the NAS, this trick will not work.
  • Physically, your data will be stored in a reliable Tier III level data center under reliable protection, with redundant power supply, cooling systems, and communication channels.
  • The transfer of backups from the cloud is carried out via encrypted communication channels, so there is no need to worry that data can be intercepted on the way from the office to the cloud. Even if someone intercepts the data, he will not be able to decrypt it.

It is imperative that the data is already encrypted when it enters the cloud. In this scenario, only whoever has the keys can access the data, and the data is not accessible to outsiders. The character strings left after encryption have no informative value without the corresponding key.


A screenshot of a Boxcryptor-encrypted file opened without a key.

Cloud Storage Security

Cloud storage services are considered a convenient alternative to local storage. And there are several reasons for that.

However, clouds have a number of features that many users do not think about. One of the main issues is the guarantee of data security. Many modern cloud services from large companies, if they care about their customers and their reputation, provide storage encryption by default, so outsiders (for example, insiders) will have at least difficult access to your information. However, we usually cannot verify whether the cloud provides strong encryption. Therefore, it remains to rely on the decency and professionalism of the owners of the services themselves.

Another problem is that when you host data in the cloud, you download it over the Internet. Therefore, if the information is not protected, attackers can intercept it relatively easily. For example, if you use a public Wi-Fi connection in a cafe or airport, there is a huge risk of intercepting and listening to traffic and therefore stealing your data before it reaches the secure cloud.

And a completely banal but no less serious problem is using the same logins and passwords for various services. This greatly increases the risk of information leakage: after all, when access to one of the services (for example, to a forum or a social network) is compromised, attackers get a login and password from all other services of the victim, where the same login and password are set.

Malware goes to NAS

Unfortunately, the more popular network storages become, the more often they fall under the scope of cybercriminals. You don’t have to look far for examples – after the WannaCry epidemic, even those who are far from the topic of information security learned about encryption viruses. Such malware can already reach network drives, and some are even specially developed with NAS devices in mind.

Another example is the StorageCrypt encryptor malware that enters the NAS through the SambaCry vulnerability and encrypts files on it, then demanding quite impressive sums for decryption – 0.4 or 2 bitcoins, which is a lot of money at the current exchange rate. StorageCrypt has already left quite a few people without backups.

Through the same Sambacry vulnerability, by the way, it is possible to plant a variety of infections on the device – spyware, programs for DDoS attacks, or cryptocurrency miners. But in most cases, problems could have been avoided by properly configuring the NAS.

Think About It

Some may ask why it is so important to encrypt family photos, work links, and location data. Most people talk about it because they think they are “not that interesting.”

However, today, personal data is more valuable than ever. They can be used for fraud, sale, and also for infecting computers and local networks by hackers.

To protect privacy, it is worth taking maximum data protection measures. The list of examples describing the misuse of personal data is endless. Each person must be sure that he or she will not become an example of personal data abuse. And where to store this data – let everyone decide for himself.