My friend asked me: "Are there any cloud services that you can trust to store company secrets? Only services outside the USA are accepted."
Personally my opinion is that if you have company secrets then you have 3 options. 1.) Don't use a cloud (safest) 2.) Use a self-hosted cloud, personally I use ownCloud 3.) Use an encryption tool that works with your cloud, that way the cloud provider is only storing pseudorandom numbers. Examples include Boxcryptor. Any option that involves you trusting the cloud provider is asking for trouble.
I would be tempted to shift your friend's attitude away from any level of trust in non-US services either. Most countries seem to be at the illegal mass surveillance, and do so beyond the 5-eyes. The critical point being that you use strong encryption, and are fanatically careful with keys and key management. This is a significant amount of work wherever it is hosted. Internal networks are not necessarily that much better than cloud providers due to inside-jobs. And you have to be very careful similarly to manage certificates properly as the data flows inside the internal network.
Honestly, I would work out some type of system to have micro SD on my person before I would use ANY cloud server. Encryption is necessary whatever choice he makes. If one has data that is mission or life critical, putting it on the net only opens up a security hole.
I don't have any issues with cloud storage IF the encryption occurs locally and ALL decryption key management is controlled by ME. The problem with micro SD, USB pocket flash devices, etc. is that the storage sizes are too small for many needs. Now, if I can upload any files I want to the cloud with an encryption scheme I don't have to worry about, I do. Just as with locally held externals, you can manipulate your data so there is a "decoy" that can be presented under duress. You never open the data from the cloud but pull it down and "unlock" it locally. Using this scheme I have no worries at all with clouds and use them quite often. I can access them from anywhere in the world with the proper credentials.
Personally, I prefer to combine zero-knowledge cloud with local encryption. This way even if one of them has a serious vulnerability, my data are still protected.
Use Viivo, then you can use/trust any cloud service you want. I wouldn't mess with these small outfits like SpiderOak, they could disappear overnight. Stick with the big boys, secure yourself with Viivo.
Found these: http://www.privacytools.io/#cloud. disk42.com is flagged as malware by Bitdefender's Traffic Light, but I guess it is a false positive. Personally, I have moved away from Google Drive and I am now using Mega. Their sync client works great and it's multiplatform (Linux as well, which is something I needed). I know it might not be the most secure cloud in the world but I still believe it is far better than the usual ones. And with 50GB for free I can also store photos and less confidential documents. All in the same place. Because I am a bit paranoid about having redundant backups, all my personal documents (around 2GB) get uploaded as a Blowfish 448 encrypted .arc archive file (made by PeaZip) to hubic.com (based in France, 25GB free, 100GB for 1€/month).
Have you considered the benefits of physical off-site backup? Of course, there are circumstances when they will not be available, but that is also true of individual cloud services, and also, if you want to be really paranoid, the internet itself. Given the level of intrusion into the core, it's quite feasible for our democracies to cut off access to any service they fancy without judicial review, all in the name of the usual excuses.
Well, this is my current setup for my personal documents which in my opinion deserve some secure backing up. I work paperless. All documents, invoices, letters, bills, etc. get scanned and saved. I create lots of PDFs. 1. Original files in my work PC, where usually they get created, modified, deleted, etc. 2. Those files are located in a so-called "Mega" folder which is synced with the cloud. 3. Backup on an external HDD, which is usually disconnected from the work PC and switched off, being used for backup only. Photos on this external HDD are backed up normally. Documents in an encrypted (VeraCrypt) container, just in case some burglar steps in and takes the HDD away. 4. Third backup in my personal PC, done through Mega Sync (this still has to be done) 5. Fourth backup (docs only, no photos nor music) in hubic.com, encrypted archive. 6. Fifth backup off-site. 64GB memory stick which is placed in a safety box in the bank. Needless to say that this last backup is not really up to date, basically I update this only twice a year. However this covers me from a worst case scenario, limiting the loss of all the data. Am I paranoid enough?
Nearly(!) - now you have to diversify media types (e.g. to include optical), different filesystems, and then save in multiple document types including archive PDF, font-embedded. And then you have to wonder, is it worth keeping all this stuff?! There's a lot to be said for travelling light and looking forward (not that I've managed that...)
That looks like a good list. Well, not very detailed nor covered widely, and I even have doubts about some tools listed there for technical reasons they didn't take into account, but easy to view/navigate and quite concise. Thanks. I have similar redundant backups, but most of them are locally encrypted even when the cloud service has its own zero-knowledge encryption.
Disk42 is shutting down. I think after Snowden many companies jumped on the boat of privacy/encryption etc. (think also Lavaboom) and then just did not get a sustainable way to make it.
Just do Reed-Solomon, and then put each shard on a different cloud service. https://github.com/Backblaze/JavaReedSolomon
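The Reed-Solomon suggestion above, as an added example that is not part of the original post and is not the JavaReedSolomon code: a small systematic erasure code over GF(2^8) in pure Python, splitting an archive into 3 data and 2 parity shards and rebuilding it after two shards are lost. In a systematic code like this one the data shards are verbatim slices of the input, so erasure coding protects availability only and the input should already be a locally encrypted archive. The function names are hypothetical and the archive is constructed random bytes standing in for such an encrypted file.

```python
# Added example: systematic Reed-Solomon erasure coding over GF(2^8).
# split/join/interpolate are hypothetical names; the sample archive is constructed.
import os

EXP, LOG = [0] * 510, [0] * 256
v = 1
for i in range(255):                 # powers of generator 2, polynomial 0x11D
    EXP[i] = EXP[i + 255] = v
    LOG[v] = i
    v <<= 1
    if v & 0x100:
        v ^= 0x11D

def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[LOG[a] + LOG[b]]

def gf_div(a, b):                    # b is never 0 here: shard points are distinct
    return 0 if a == 0 else EXP[LOG[a] - LOG[b] + 255]

def interpolate(known, t):
    """Lagrange-interpolate the shard at point t from k known {point: bytes}."""
    xs = list(known)
    out = bytearray(len(known[xs[0]]))
    for xi in xs:
        c = 1                        # Lagrange basis coefficient l_i(t)
        for xj in xs:
            if xj != xi:
                c = gf_mul(c, gf_div(t ^ xj, xi ^ xj))
        for pos, byte in enumerate(known[xi]):
            out[pos] ^= gf_mul(c, byte)
    return bytes(out)

def split(blob, k, n):
    """Return n shards {point: bytes}; any k of them rebuild blob."""
    size = -(-len(blob) // k)        # ceiling division
    padded = blob.ljust(size * k, b"\0")
    data = {i: padded[i * size:(i + 1) * size] for i in range(k)}
    return {**data, **{t: interpolate(data, t) for t in range(k, n)}}

def join(shards, k, length):
    """Rebuild the original blob from any k surviving shards."""
    known = dict(list(shards.items())[:k])
    parts = [known[i] if i in known else interpolate(known, i) for i in range(k)]
    return b"".join(parts)[:length]

ARCHIVE = os.urandom(1000)           # constructed stand-in for an encrypted archive
SHARDS = split(ARCHIVE, 3, 5)        # one shard per storage provider
SURVIVORS = {p: s for p, s in SHARDS.items() if p not in (0, 3)}  # two providers lost
RESTORED = join(SURVIVORS, 3, len(ARCHIVE))
```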
Never heard of hubic before. Their pricing seems quite nice. I wonder how they are able to offer 25GB for free and 100GB for 1eur/month? Also, do they offer a Linux client? Does it support file-versioning?
I use Jungle Disk which is a subsidiary of Rackspace. Their TOS states they guarantee the security and safety of your data, providing you use their software and encryption. That way the data is encrypted before leaving your machine. When you set it up they warn you that you should set a good key, and if you lose it your data is gone. If you are really paranoid, you can even password protect the GUI on your machine, so no one else can activate it. I've talked with them and they have 3 layers of network protection as well as very strong physical security.
They are French based. Actually hubic is run by OVH which is a very big hosting company. They have a Linux client, but without GUI. From my understanding they do not offer encryption, so I would not use it for confidential files. I use it myself but I uploaded just encrypted 7z archives.
I've used it, but I wasn't as comfortable with their security. Also their tech support was sketchy whereas Jungle Disk folks were online with me on and off for almost a day, as I wrapped my mind around how to set it up for my needs.
Other than for the 'security' issue you mentioned, are Jungle Disk's features, speed and ease-of-use, etc. fairly similar to CrashPlan's? From what I could tell, CrashPlan offers reasonably adequate security, but I'm not sure exactly where their encryption process takes place.