"A lot of people use Dropbox.
A lot of people put a lot of valuable, sensitive and personal data inside Dropbox.
A lot of people make the mistake of not encrypting their valuable, sensitive and personal data before they put it inside Dropbox.
Which all adds up to a whole heap of trouble if Dropbox suffers a data breach."
-- Quoted from Graham Cluley's article titled "The huge Dropbox password leak that wasn't".
Yes, your data in cloud storage such as Dropbox needs a second layer of protection despite being well encrypted and taken care by Dropbox.
This is because most of the time, the data in your cloud storage can be easily accessed once your password is obtained or hacked.
Worse still, most cloud services such as Dropbox provides the convenience for you to stay logon once you successfully signed in from their apps, be it from a computer or mobile device. This means that whoever obtained physical access to your computer or mobile device with an active logon session to your cloud service, can easily access to your data without even the need to know your password!
Nowadays, most cloud services like Dropbox do provide option for additional security through 2-step verification which requires second verification through SMS, USB key, etc. beside your password. However, novice users find it difficult to configure and activate, and there is limitation in the USB key method, such as, can only be used when accessing the cloud service with Google Chrome browser. In addition, this 2-step verification doesn't solve the open session loophole as described in the above paragraph.
I found a wonderful product called GuardKey which perfectly fills this gap of needs by offering data encryption and concealing solution to not only your cloud storages, but also your local storage (eg. harddisk, NAS storage, SAN storage, etc.) and portable storage (eg. USB drive, SD card, etc.).
GuardKey is a USB dongle with the following components:
- A unique AES-256 encryption/decryption key.
- A Windows software to be installed in your computer to perform seamless data encryption and decryption to your Safebox (an invisible folder in your storage device that everything in it will be protected by GuardKey).
- 8 GB of free empty storage, for you to use the USB dongle as normal USB drive.
There is always a trade-off between security and convenience. The higher the security measure, the more inconvenience for the user it become, and vice-versa. The beauty of GuardKey is it provides a wide range of flexibility level to the user to determine between high security and high convenience.
If user opts for high security, the Safebox can only be opened with the USB dongle and a password. In a more convenient level, it only needs the USB dongle without the need of entering password. Plug in your GuardKey dongle, you have access to your Safebox; pull out your GuardKey dongle, your Safebox will be hidden, and even if found, all the data inside it is encrypted with AES-256 (Advanced Encryption Standard with 256 bits cryptographic key length) encryption, which is a military grade encryption method that recommended by NSA for US government to protect Top Secret grade of information.
Alternatively, you can also make it possible to unlock the Safebox without using the USB dongle, by using the GuardKey Viewer mobile app. The mobile device running GuardKey Viewer needs to be paired with the GuardKey application running in the computer before it can be used as Safebox mobile unlocker.
There are 2 levels of mobile unlock security: by using a six digit one-time-password (OTP) which changes every minute, or by using a combination of random sequence of images together with the six digit OTP.
GuardKey supports the creation and usage of Safebox in local disk (including portable storage) and also in Cloud storage.
Supported cloud storage includes Dropbox, Google Drive, OneDrive, ASUS WebStorage, Box, SugarSync, and other cloud storages that sync with local disk, which the user need to inform GuardKey about the location of the sync folder.
GuardKey supports one Safebox for each of the storage drive. The screenshot below shows I've created one Safebox for local drive D, and another for Dropbox.
The data inside these Safeboxes are encrypted and not accessible until they are unlocked by GuardKey. A virtual drive will be mounted with the Safeboxes now accessible as folders in the mounted drive. Once they are relocked, they will disappear from the virtual drive, and if all the Safeboxes are relocked, the GuardKey virtual drive will also be unmounted and disappear.
By using GuardKey, you can therefore ensure that all your AES-256 protected data in Safebox will remain be unreadable and inaccessible, even though your computer is stolen, seized or hacked. By encrypting your files and folders in cloud storage with GuardKey, you can also protect them from leaking and exposing through hacking or unauthorized access to your cloud storage account.
The same GuardKey USB dongle can be used in multiple computers to access the encrypted data in your cloud storage from different computer.
GuardKey is a well thought product. In case you lost your USB dongle and you have not enable mobile unlock option, you are still able to unlock your Safebox and rescue the data inside by using the backup AES-256 key residing in your local disk, which requires your password for its usage.
If you are concerned about this "backdoor" measure for emergency data retrieval, you can store your AES-256 key in another USB disk and lock it in a secured physical safe, then delete and wipe out the backup key in your local disk residing in data folder of GuardKey installed path.
As a conclusion, GuardKey is found to be very flexible between security and convenience, which you can adjust according to your need. In high security mode, I believe it is fit for commercial and industrial use. While in high convenience mode such as unlocking on the fly with USB dongle without the need of password, it can still protect your data, provided that your USB dongle does not fall into the hand of other people.