Security of data storage in the cloud. cloud data storage ownCloud. How to restore a file from a backup


Today the topic of corporate information security receives a lot of attention. Virus epidemics, hacker attacks, unauthorized access to information... All these dangers, as well as the methods of protection against them, are well studied and in most cases do not pose any particular problem. However, for some reason, few people consider that no security system is absolutely reliable. Such systems do not exist even if we leave aside the human factor, which often becomes the bottleneck of any protection. In addition, we must not forget about the possibility of physical theft of the media holding the information. At the same time, the hijacking of a corporate network server that contains all the commercial information of the company can be simply disastrous. To prevent this from happening, a "second line of defense" is needed that can protect data in various unpleasant situations.

From the description of the task, it is clear that there is only one way to solve it. We are talking, of course, about reliable encryption of all commercial information of the company. That is, we need a special solution that implements cryptographic data protection but at the same time does not complicate work for ordinary users. Today there are several products of this class on the market, and now we will try to analyze the functionality of some of them.

To begin with, let's at least briefly describe the products that we will compare. The first one is called Zserver. It is developed by SecurIT, one of the leaders of the Russian information security market. This program is constantly evolving and improving. For example, the latest, 4th version, with new interesting features, appeared on October 26 last year. The second product in our analysis is the StrongDisk Server utility, developed by specialists from the well-known company "Phystech-soft". Its latest version, 3.5, was released on November 15, 2004. And, finally, the third and last product in our review is "CryptoSafe" from the company "LAN Crypto", known for its developments in the field of cryptography, in particular its own data encryption algorithms.

The principle of operation of all the listed information security systems is the same. Special storages are created on the corporate network server, in which all information is recorded in encrypted form. Later they can be connected to the system as virtual disks. While data is read from them, it is automatically decrypted in memory, and while it is written, on the contrary, it is encrypted. In other words, we are talking about the implementation of the principle of transparent cryptographic transformation. Its essence is that the data is always stored on physical media only in encrypted form, but the user can work with it in the same way as with any other information.

In order to continue the comparison, we first need to understand how the products in question work. We will do this using the example of one of them - the Zserver program.

Example implementation of cryptographic data protection on the server

So, for a detailed description of the principle of cryptographic protection of information on the server, we chose the Zserver product. The reasons for this are very simple: to date, this software and hardware complex is one of the most advanced developments, with some unique features that are not implemented anywhere else. Moreover, the price of Zserver is by no means exorbitant. It is even lower than the cost of some of its competitors.

The software part of the Zserver complex consists of three modules. The first of them is installed directly on the network server, which stores confidential information. It is in it that the on-the-fly data encryption block and the encryption key management block are implemented. The second module is designed to control the protection system. It is responsible for generating encryption keys and uploading them to the server, administrator authentication, all operations with disks and users, and can be installed on any computer on the network.

The last module, which is part of the Zserver complex, is required to send an "alarm" signal, which will be discussed below.

The storage for confidential information in the Zserver program is a hard disk partition specified by the administrator. Usually it is not visible to the operating system at all, which treats it as just unallocated space. After the connection, this disk "appears" along with all the data placed on it. At the same time, it becomes a "normal" logical partition, to which all standard operating system tools can be applied, for example, separation of user access rights. The initial setup of Zserver looks like this.

The security administrator must run a special module, the management console, on his computer and establish a connection to the server over the local network. It is worth noting that this connection and the mutual authentication are secured using a modified Diffie-Hellman algorithm. Next, the administrator needs to generate an encryption key. This is done by moving the mouse chaotically, from which the program "extracts" random numbers. It is with their help that the encryption key is created. Next, the key must be written to the memory of a smart card or USB token, protected by a PIN code. The key will always be stored there. Thus, it will be inaccessible to intruders even if the device falls into their hands. After all, in order to access the protected memory, you need to know exactly the correct PIN code, which cannot be guessed. Of course, there is a possibility that an employee who has access to the key information will pass it to intruders. However, we must not forget that only the persons or managers responsible for the information security of the company should receive the right to connect encrypted disks. And if there is a disloyal person among them, then no protection will save the data.

The next step is to load the encryption key from the smart card memory into the server's RAM. Only after that can you proceed directly to encrypting the selected logical partition. This process may take a long time. So that users do not sit idle during this time, the Zserver program performs it in the background. That is, during encryption the information located on the disk remains available. This means the work of the company's office does not have to stop for a second.

This completes the setup of the protection system. The system is operated as follows. In order to mount a secure disk, the security administrator must launch the management console on his computer, connect a smart card or USB token, and, after entering the correct PIN, load the encryption key into the server's memory. After that, the partition "appears" in the operating system. But this is only the outer side of the process. In fact, a special service, having received the correct encryption key, begins to decrypt the data, presenting it to the operating system in the usual form. The security officer can disconnect the USB token from his computer after completing work with the protected disk. In this case, the disk will still remain open as long as the server's RAM holds the encryption key. That is, the disk will "disappear" in the event of a server reboot, an "alarm" signal, or the corresponding command of a responsible employee with a token connected to his PC.

However, connecting a disk is not always that simple. The Zserver program has a unique key quorum function. Its essence lies in dividing the encryption key into a certain number (m) of parts, each of which is stored in the smart card or USB token of a single trusted employee. To open the disk, several (n) parts of the key must be loaded into the server's memory in turn, and n can be less than or equal to m. This approach makes it possible, on the one hand, to achieve great flexibility and, on the other hand, to significantly reduce the impact of the human factor on the reliability of the entire system.

In order for information stored on a secure disk to become available to company employees, you need to "share" folders. Rights are managed by means of the operating system based on usernames stored in Active Directory. In this case, no changes are required on the other computers that are part of the local network. Users, in the same way as always, will log in under their own names in accordance with the security policy implemented in the company. True, it is worth noting one point. The fact is that the introduction of the Zserver system will reduce the performance of the server by 10-15%, depending on its configuration and the selected encryption algorithm. In addition, when performing some operations (initial encryption or re-encryption of the disk), this drop can be even more significant. This point must be taken into account when commissioning the protection.

If desired, the administrator can enable the Network Resource Protection feature. It is needed to protect data from unauthorized access while the system is in operation. After the network resource protection mode is enabled, all operations with shared folders can only be done through the Zserver management console. Attempts to do something through the standard Windows administration interface will be blocked. In the simplest case of using this function, you can disable network access to files and folders located on an encrypted partition altogether if, for example, the files are used for the operation of application servers.

In the course of the company's work, various exceptional situations are possible in which the protected disks that are currently open must be closed urgently. This procedure is implemented by sending an alert to the server. This can be done in several ways. For example, users to whom the security administrator has given such a right can send the signal directly from their computers by pressing a specially defined "hot" key combination.

Another option is to use a special device, a button, supplied with Zserver. Pressing it, for example, during an attempted attack on the office, will either reboot the server or simply disconnect the open containers (depending on settings). True, it must be borne in mind that the documents that users were working with at their workplaces will turn out to be defenseless. Moreover, in some cases, for example, if the disk was turned off while one of the employees was writing information, part of it may be corrupted. In fact, this is tantamount to a forced termination of all remote connections to an ordinary server while users are working.

Moreover, the system has the ability to "bind" any scripts written in JScript or VBScript to this signal. Thus, it is possible, for example, to replace a real encrypted disk with a specially prepared partition with false information. In general, to send an "alarm" signal, it is enough to close the RX and TX contacts of the server's COM port. That is, if you wish, you can include disk management directly in the physical security system of the office. In this case, the "alarm" signal will be given automatically when the security alarm is triggered, on "unauthorized" opening of windows or doors, etc.

Another way to protect against unauthorized access to information is entry under duress. Its essence lies in the fact that under the threat of violence or in case of blackmail, a company employee can give his smart card to attackers and tell them the real PIN code, but reversed, that is, written from right to left. When it is entered, the system will "understand" that the data is at risk, erase all encryption keys from the token's memory and report an error. True, it is worth noting that this function is implemented exclusively by means of Zserver. That is, if attackers try to use the smart card on a computer that does not have the management console installed, they will simply receive a message about an incorrect PIN code entry.

We must not forget that the token in which the encryption key is stored may fail or be lost by the responsible employee. In these cases, it will no longer be possible to decrypt the protected disk, that is, all information will be irretrievably lost. To avoid this danger, the Zserver system implements the ability to copy encryption keys from one protected medium to another. Moreover, the package of the complex includes two tokens at once. That is, the security administrator can write the same encryption keys on them and give the second copy to another responsible employee, put it in the company's safe or transfer it to the bank for storage.

Apart from the danger described, the loss of a token with an encryption key does not threaten anything. After all, even if it falls into the hands of intruders, they will still not be able to access its memory: it is impossible to guess the PIN code. The smart card gives the user four, and the USB token only 3 attempts to enter it. And if he does not guess the correct string (which is simply impossible), then access to the media will be completely blocked.

And finally, it is worth noting that a system protecting information from unauthorized access does not protect it from accidental or intentional destruction or damage. Therefore, in any case, a data backup system should run on a corporate server. The presence of the Zserver complex does not interfere with it in any way. The only condition that must be met is to start the backup creation process only when the protected drive is open. It must be remembered that the data will be copied in decrypted form. To protect it, it is recommended to use special software, for example, the Zbackup system from the same SecurIT company.

Product comparison

A comparison of cryptographic products always begins with the encryption algorithms implemented in them. Zserver and StrongDisk Server are, in general, similar in this regard. Their developers "trained" their offspring in several cryptographic technologies at once, including the AES algorithm, the US national standard, which has de facto become the modern world standard. In both products, users can use keys of up to 256 bits to transform the original data, which is more than enough for the current level of development of computer technology. By the way, in addition to the already implemented encryption algorithms, these programs allow you to connect external modules containing other cryptographic technologies. So, for example, together with Zserver, you can use the Krypton board emulation module, which implements the Russian national standard.

"CryptoSafe" differs significantly from its competitors. As we have already said, LAN Crypto is known for its own encryption algorithms, which were used in this product. However, whether this is good or bad is debatable. The fact is that authoritative experts in the field of cryptography do not recommend using programs with their own encryption algorithms. Still, well-known technologies, repeatedly tested by all laboratories, in the vast majority of cases turn out to be more reliable. And in the case of CryptoSafe, this was confirmed. On the one hand, the algorithm implemented in this program has a certificate and, according to the developers, is accepted as an industry standard. However, on the other hand, during one of the competitions of cryptographic technologies, it could not pass the linear cryptanalysis test. Therefore, there is no need to talk about the security of data encrypted with this algorithm.

The second parameter by which the reliability of cryptographic systems should be assessed is the means used to store encryption keys. In most cases, it is much easier to steal key information than to struggle with decrypting the data. That is why the secure storage of encryption keys is very important. In the Zserver program, any information carriers can be used for this. True, the developers strongly recommend using only mobile media with PIN protection. By the way, that is why the product package includes a smart card reader and two microprocessor cards with protected memory. This provides a truly secure storage of encryption keys.

StrongDisk Server takes a slightly different approach. In this product, the key is stored together with the protected information itself, but in encrypted form. Moreover, the user can independently select the data needed to decrypt it. The available options are a regular password, a key file, a code on removable media, or a biometric device. And if the last two methods satisfy modern ideas about secure data storage, the first ones do not. Moreover, the use of a password is a clear threat to the security of all encrypted information. Still, many users, no matter how much you teach them, use very weak keywords, which are easily found by brute force or dictionary search. And company management often tries to minimize costs, so additional devices for the purchased protection system are not always bought. Approximately the same can be said about the program "CryptoSafe". It also allows you to store keys directly on your computer's hard drive.

Let's move on. The next important point is the way encryption keys are generated. Many users do not pay much attention to this feature. And absolutely in vain. In world practice, there are cases when a poorly implemented random number generator used to create encryption keys led to the compromise of information that seemed to be securely protected with a high-quality encryption algorithm. That is why many modern products have started to take a different approach. The encryption key in them is generated by the user himself, by randomly pressing keys on the keyboard or moving the mouse on the table. This method almost completely eliminates the "quick selection" of encryption keys. It is this method that is implemented in the programs Zserver and "CryptoSafe". StrongDisk Server uses a built-in random number generator to generate encryption keys.

By the way, the programs under consideration also differ in the storages that are used to record information and organize virtual disks. Usually, separate container files are used for this. This approach is implemented in the CryptoSafe product. The developers of the Zserver system took a different path. In their brainchild, a separate partition on the hard disk, perceived by the operating system simply as unallocated space, is used as the storage of information. And StrongDisk Server allows users to use both methods.

The option with container files has one advantage - it's portability. That is, the data file can be easily copied to any media and attached to another PC on which the appropriate software is installed. The disadvantage of this approach is the vulnerability of the container. A virus attack, careless actions of hackers or the users themselves can lead to the deletion or corruption of this file. In this case, all information contained in it will be lost. In addition, with a large number of simultaneously connected users, work with the container file slows down very much. The second option, on the contrary, is completely devoid of mobility, but on the other hand, no programs that use standard OS functions can damage the storage. In addition, let's not forget that we are talking about server utilities that are designed to protect important company documentation. And mobility in this case turns into harm. So the approach implemented in Zserver seems to be more practical. Moreover, a simple transfer of information can be ensured by creating storages on removable media.

Well, now let's talk about the additional functions of the utilities discussed today. The first of them, Zserver, has a fairly wide range of capabilities. First, this product implements an open interface for connecting various devices from which an alarm can be given - "red buttons", radio key fobs, sensors and access control devices to the room. Moreover, one such device is even included in the package. This function is necessary if intruders broke into the premises, wanting to seize information by force. Activating the alarm mode will either block all private data or restart the server (depending on the current settings). The second additional feature of the Zserver program is keeping a complete log of all administrator actions (actions with encryption keys, opening and closing disks, etc.). These logs can be of invaluable help in case of any incidents with commercial information. With their help, you can easily see if there is something in the actions of the responsible employee that could cause data leakage.

The third additional function is the so-called quorum of keys. This is a unique feature that is only available in the Zserver product. Its essence is as follows. The key required to connect the storage is divided into several parts, for example, 3, each of which is received by one of the trusted employees of the company. Moreover, to decrypt the data, not all of the parts are needed, but only a certain number of them, for example, any 2. This approach can significantly reduce the risk of data leakage. After all, attackers will now need to get not one, but two keys. And at the same time, the work of the company does not depend on one person who solely owns the access necessary to connect disks.
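The key quorum described here and in the earlier paragraph on n-of-m parts can be illustrated with Shamir secret sharing. This is an added example, not Zserver code: the article does not say which scheme the product uses, so the scheme, the field modulus and the `fingerprint` check value are assumptions, and each "share" stands for what one employee's token would hold.

```python
# Added example: n-of-m key quorum built on Shamir secret sharing.
# Assumption: the article does not name the scheme Zserver uses.
import hashlib
import hmac
import secrets

# Field modulus: the Mersenne prime 2**521 - 1, larger than any 256-bit key.
PRIME = 2**521 - 1


def fingerprint(key: bytes) -> bytes:
    """Short check value the server keeps to recognise the rebuilt key."""
    return hashlib.sha256(b"quorum-check" + key).digest()[:8]


def split_key(key: bytes, m: int, n: int) -> list:
    """Split `key` into m shares (x, y); any n of them rebuild it."""
    if not 1 <= n <= m:
        raise ValueError("quorum must satisfy 1 <= n <= m")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # Random polynomial of degree n-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(n - 1)]
    shares = []
    for x in range(1, m + 1):
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x)
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover_key(shares, key_len: int, check: bytes):
    """Interpolate f(0) from the loaded shares; return the key or None."""
    xs = [x for x, _ in shares]
    if not shares or len(set(xs)) != len(xs):
        return None                          # nothing loaded, or one token twice
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret.bit_length() > 8 * key_len:
        return None                          # below quorum: result is field noise
    key = secret.to_bytes(key_len, "big")
    return key if hmac.compare_digest(fingerprint(key), check) else None


if __name__ == "__main__":
    disk_key = secrets.token_bytes(32)       # constructed 256-bit key
    check = fingerprint(disk_key)
    parts = split_key(disk_key, m=3, n=2)    # the article's 2-of-3 case
    print("two parts open the disk:", recover_key(parts[1:], 32, check) == disk_key)
    print("one part alone:", recover_key(parts[:1], 32, check))
```

A single share reveals nothing about the key, which is why the loss or theft of one token does not expose the disk, while the loss of up to m - n tokens does not lock the company out.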

One more interesting capability of Zserver is an "atomic" implementation of data encryption. This means that the entire encryption process is represented as a set of separate transactions. This approach avoids data loss in various unforeseen situations. That is, at any time, the encryption operation can be interrupted or returned to its initial state, even in the event of an unexpected server overload or power outage.

In addition, the Zserver program implements many more interesting and useful features: support for multiple virtual disks, the ability to differentiate access rights, integrate the system with various applications by executing JScript or VBScript scripts, convenient data reencryption, and much, much more.

The StrongDisk Server program also has a lot of additional features. First, it implements a "red button" and logging of access to protected information. Secondly, StrongDisk Server has a data backup function that is designed to correct the shortcomings of using container files. The third solution (admittedly very interesting) is the so-called false disks. That is, the user can "under pressure" give attackers a special key with which they will see not real data, but some other information. In addition, StrongDisk Server has several features that prevent the leakage of information that has already been deleted. After all, it is no secret that data destroyed with the standard tools of the operating system actually remains on the hard drive. Additionally, we can mention the possibility of cleaning the paging file and temporary OS files, in which, theoretically, some important information may remain.

Another noteworthy feature of StrongDisk Server is the protection of information transmitted between the server and the end user's computer. This is achieved by establishing a secure connection between them (occurs automatically) like VPN technology, as well as encrypted data transfer. In this case, the installation of a special client is required on end-user computers. Thus, the company on whose server the StrongDisk Server system is installed is protected from sniffing important information from the corporate network.

The CryptoSafe program has the smallest set of additional features. It implements a "red button" that can only be "pressed" from a computer, dependent services (automatic start of certain services when containers are connected), and automatic disconnection of containers after a long period of inactivity.

Well, now it remains only to compare the prices of the programs considered. So, the cost of Zserver for Windows ranges from about 32,500 (for 10 users) to 67,500 (for an unlimited number of users) rubles. In addition to the program itself, the package includes the necessary hardware (card reader, 2 smart cards and a "red button"). The price of the StrongDisk Server product also depends on the number of users and varies from 24,600 (for 10 users) to 82,500 (unlimited number of licenses) rubles. Well, the cost of "CryptoSafe" ranges from 21,600 (for 10 users) to 60,000 (unlimited number of licenses) rubles, plus the buyer can pay 7,000 rubles for annual technical support.


The idea of cloud storage is brilliant. Instead of storing data locally on the devices they use, on external drives and on home network storage, and fiddling with access, synchronization and backups, users transfer files and folders over the Internet to the data centers of services and have no worries. Access is provided from an application or client program, wherever the user is - you just need to enter a password. There are no problems with storage space: the services offer up to 30 TB, and there is no charge for the initial period of use.

And yet there is a fly in the ointment, because of which all the charm of using clouds is forgotten. Users hand their data over to someone else: photos from the last vacation at sea, a video from a wedding, or personal correspondence. Therefore, in this comparison, we focused on the security of ten cloud storage services: IT giants - Apple, Google, Microsoft, Amazon, two hosting companies - Box and Dropbox - specializing in cloud storage, as well as two service providers from Russia - Yandex and Mail.ru.

Plus a billion users in five years

Back in 2015, the number of cloud storage users was about 1.3 billion. By 2020, there will be 1 billion more of them.

Data traffic - three times more

In 2015, cloud storage users transferred an average of only 513 MB of data per month. By 2020, the volume will triple.


Functionality: can you believe advertising

Suppliers, of course, know that users attach great importance to security and must meet their requirements. If you skim through all the offers, it seems that cloud services use the highest security standards and providers go to great lengths to protect their customers' data.

However, upon closer reading, it becomes clear that this is not entirely true and the standards are not always new. Service providers are far from exhausting the possibilities of secure data storage, and “high security”, “SSL protection” or “secure encryption” are just slogans to take advantage of the fact that most customers do not have special knowledge in security issues.

Network memory

Cloud storage services lure customers with free offers. For a fee, the volume can be increased.

TLS is far from everything

"SSL" and "HTTPS" are popular and well-known security abbreviations. But vigilance should not be lost. This type of encryption is a necessity, but not a guarantee of exceptional data security. TLS (Transport Layer Security) cryptographic protocol - “protection protocol transport layer”), which officially replaced SSL 3.0 (Secure Sockets Layer) in 1999, provides secure data exchange between a cloud storage website and a client program on your computer or an application on your smartphone.

Encryption during data transfer is important primarily to protect incoming metadata. Without TLS, any attacker can intercept the transmission and change the data or steal the password.

We tested cloud storage using the comprehensive Qualys testing tool (sslabs.com/ssltest). All providers use the current version of the standard, TLS 1.2. Six of them prefer 128-bit AES encryption, four - the more powerful AES 256. Both are satisfactory. All services have the additional Perfect Forward Secrecy (PFS) protection enabled, so that the transmitted encrypted data cannot be decrypted even later.

HSTS (HTTP Strict Transport Security), another security mechanism that protects against operations such as downgrade attacks, is not used by most vendors. The entire list, that is, TLS 1.2 with AES 256, PFS and HSTS, is only available from Dropbox.
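The checklist used in this comparison (TLS 1.2, AES 128 or 256, PFS, HSTS) can be evaluated from what a TLS client sees after the handshake. The following is an added example, not part of the article and not the Qualys tool; the function names and the sample values are constructed, and `probe` is an optional live check that needs network access.

```python
# Added example: score an endpoint against the article's checklist
# (TLS 1.2, AES 128/256, PFS, HSTS). Sample inputs are constructed.
import http.client
import re
import ssl


def parse_hsts(header):
    """Return max-age (seconds) from a Strict-Transport-Security header, or None."""
    if not header:
        return None
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            value = value.strip().strip('"')
            return int(value) if value.isdigit() else None
    return None


def assess(protocol, cipher_name, hsts_header):
    """protocol: e.g. 'TLSv1.2'; cipher_name: OpenSSL suite name; header may be None."""
    m = re.match(r"TLSv1\.(\d)$", protocol or "")
    minor = int(m.group(1)) if m else 0
    aes = re.search(r"AES[_-]?(128|256)", cipher_name)
    # PFS needs an ephemeral key exchange: ECDHE/DHE suites in TLS 1.2,
    # and every TLS 1.3 suite.
    pfs = minor >= 3 or cipher_name.startswith(("ECDHE-", "DHE-"))
    max_age = parse_hsts(hsts_header)
    hsts = max_age is not None and max_age > 0   # max-age=0 switches HSTS off
    report = {
        "tls12_or_newer": minor >= 2,
        "aes_bits": int(aes.group(1)) if aes else None,
        "pfs": pfs,
        "hsts": hsts,
    }
    # The article's "entire list": TLS 1.2 with AES 256, PFS and HSTS.
    report["full_list"] = (report["tls12_or_newer"] and report["aes_bits"] == 256
                           and pfs and hsts)
    return report


def probe(host, port=443, timeout=10):
    """Live check of a real endpoint (requires network access)."""
    conn = http.client.HTTPSConnection(host, port, timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        conn.connect()
        cipher_name = conn.sock.cipher()[0]
        protocol = conn.sock.version()
        conn.request("HEAD", "/")
        hsts = conn.getresponse().getheader("Strict-Transport-Security")
    finally:
        conn.close()
    return assess(protocol, cipher_name, hsts)


# Constructed handshake results, not measurements of any provider.
SAMPLES = {
    "complete": ("TLSv1.2", "ECDHE-RSA-AES256-GCM-SHA384",
                 "max-age=31536000; includeSubDomains"),
    "no-hsts": ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", None),
    "static-rsa": ("TLSv1.2", "AES256-SHA", "max-age=0"),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, assess(*sample))
```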

Double access protection

Access to personal data must be protected by two-step verification. Amazon asks for a PIN code in addition to the password, which is generated by the application.


Encryption on the server - a matter of trust

Another standard feature besides secure transmission is data encryption on the provider's server. Amazon and Microsoft, alas, make an exception to the rule by not encrypting data. Apple uses AES 128, others use the more recent AES 256.

Encryption in data centers is not a novelty: if attackers, despite all security measures, still manage to steal user data, they still need a key - unless they resort to extortion. And this is where the problem often arises: this type of encryption is a very dubious solution if providers store the keys to your data.

That is, some cloud service administrator can easily view all your photos at any time. If that is hard to believe, perhaps the possibility of the investigating authorities accessing the data will be more convincing. Of course, suppliers demonstrate a serious attitude to the matter in every possible way, but customers have to overcome their doubts and show trust, because in this way their data is not completely protected.


Dropbox secures with 256-bit AES encryption during storage and SSL/TLS during transfer

No end-to-end encryption

In summary, most services secure user data by protecting the transmission and encrypting on the server, and all of the services in our comparison that encrypt user data hold the keys themselves. None of the services use end-to-end encryption. Its fundamental difference from encryption during transmission and on the server is that the data is encrypted from the very beginning.


End-to-end implies encryption locally on the user's devices and transmission already in this form to data centers. When accessing data, they are returned back to the user in the same encrypted form and decrypted on his devices. The point is that the user, firstly, sends data exclusively in encrypted form, and secondly, does not issue any keys to the provider.

That is, even if the admin is burning with curiosity, an attacker steals the data or the investigating authorities need to disclose it, they will not succeed.
Closely related to Always Encrypted is the implementation of the so-called Zero Knowledge Principle.

Translated into plain language, the essence of it is this: no one but you knows how to decrypt your data. No cloud storage service provider receives information that can be used to decrypt encrypted data - you did not tell him anything, he has "zero knowledge". It is difficult and rather inconvenient to implement this in practice, and the participants in our comparison by this criterion cannot present anything to us.

Without two-factor authentication

It is obvious that providers are concerned with the security of their customers' data, but for some reason they do not fully think through the action plan. Access to data stored in the cloud is effectively protected by two-factor authentication. Its essence is as follows.

To successfully complete the login process, only a username and password are not enough - you also need a PIN code, and not a permanent one, as, for example, for a bank card, but generated by an application on a smartphone or sent via SMS to a phone. Usually such codes are valid for 30 seconds.

The user needs to keep a smartphone linked to the account at hand and, during the login process, enter the received code after the password. Domestic providers do not offer this simple and effective method of protection, unlike the Internet giants, as well as the "narrow profile" Box and Dropbox.
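The app-generated codes with a 30-second lifetime described above are typically time-based one-time passwords (TOTP, RFC 6238). The following is an added example, not code from any of the providers compared: it shows both the code generation on the phone and the server-side check with a small clock-drift window and replay rejection. The function names, the drift window and the `last_counter` bookkeeping are assumptions; the secret is the published RFC 6238 test value.

```python
# Added example: TOTP (RFC 6238, HMAC-SHA1) generation and verification.
import hashlib
import hmac
import struct

# Test secret from RFC 6238 Appendix B; real secrets are random per account.
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Code the authenticator app shows during the time step containing unix_time."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int, last_counter: int = -1,
           step: int = 30, digits: int = 6, window: int = 1):
    """Server side: return the matched time-step counter, or None.

    `window` tolerates clock drift of that many steps in either direction.
    `last_counter` is the counter of the last accepted code for this account;
    codes from that step or earlier are refused, so a code observed once
    cannot be replayed within its validity period.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return None
    now = unix_time // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        expected = totp(secret, counter * step, step, digits)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print("code at t=59:", code)
    print("accepted 16 s later:", verify(RFC_TEST_SECRET, code, 75))
    print("replayed:", verify(RFC_TEST_SECRET, code, 75, last_counter=1))
    print("after expiry:", verify(RFC_TEST_SECRET, code, 200))
```

The caller stores the returned counter as the account's new `last_counter` after a successful login.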

Actual cloud storage speed

We measured the speed of cloud storage over cable (up to 212 Mbps), DSL (18 Mbps) and LTE (40 Mbps). The diagram shows the average speed for all connection methods.


Be your own cryptographer. Boxcryptor encrypts files on the device and provides convenient management of cloud storage accounts in one window. Users can choose whether or not to manage the key themselves.

Location is also an important aspect.

Despite all efforts, at home it is impossible to achieve the level of security offered by the cloud storage service in the data center, and this is a powerful argument in favor of cloud storage. This can be seen by looking at their equipment. All providers except Dropbox, even for free offers, are ISO 27001 certified.

The location of the data centers also plays an important role. Servers of Amazon, Google and other companies are located in the US and are subject to US laws. Servers located only in Russia, such as Yandex and Mail.ru, respectively, are subject to Russian laws.


In order not to interfere with the work of other programs, Dropbox uses an automatic limit in the client

Conclusion: room to grow

The cloud storage services that we reviewed offer only a standard set of security features. Looking for end-to-end encryption or zero knowledge among them makes no sense. All services protect data in transit, but the Amazon and Microsoft servers do not encrypt it.

But data centers meet high information security requirements. At the same time, the comparison did not reveal cloud storage with ideal protection.

The advantage of the Russian suppliers is their location, but they ignore even the simplest security methods, such as two-factor authentication. You must take care of the permanent protection of your data yourself, even if it means high costs and complex management.

To exchange files between computers and mobile gadgets, cables and flash drives are no longer needed. If the devices have Internet access, files can "fly" between them "on the cloud". More precisely, they can "settle" in cloud storage, which is a collection of servers scattered around the world (combined into one virtual cloud server), where users place their data for a fee or for free. In the cloud, files are stored in exactly the same way as on a computer hard drive, but are available not from one device but from any device that is able to connect to it.

Every second or third Internet user has already adopted cloud storage technology and uses it with pleasure, but some still rely on flash drives. After all, not everyone knows about this option, and some simply cannot decide which service to choose and how to use it. Well, let's figure it out together.

What are cloud storages from the user's point of view and how they work

If you look through the eyes of an inexperienced user, cloud storage is an ordinary application. All it does is create a folder on the computer under its own name. But it is not an ordinary folder. Everything that you put into it is simultaneously copied to that same cloud-based Internet server and becomes available from other devices. The size of this folder is limited and can grow within the limits of the disk space allocated to you (on average, from 2 GB).

If the cloud storage application is running and the computer (or mobile gadget) is connected to the global network, the data on the hard drive and in the cloud are synchronized in real time. In offline mode, and also when the application is not running, all changes are saved only in the local folder. When the machine is connected to the Internet, access to the storage becomes possible, including through a browser.

Files and folders uploaded to the cloud are full-fledged web objects, the same as any content of Internet sites and FTP storage. You can link to them and share the links with other people, even those who do not use the service. But only those whom you yourself have allowed to download or see an object from your storage will be able to do so. In the cloud, your data is hidden from prying eyes and securely protected with a password.

The bulk of cloud services have additional functionality - a file viewer, built-in document editors, screenshot tools, etc. This, plus the amount of space provided, creates the main differences between them.

Microsoft OneDrive is a cloud storage service that needs no introduction to Windows users. No wonder: in the latest release of this OS (Windows 10) it pushes itself on top of everything on the screen, since it is set to autorun by default.

For Windows users, the advantage of the Microsoft OneDrive service over its counterparts is, perhaps, only one - it does not need to be installed. Also, you do not need to create a separate account for it - to enter the cloud, just enter your Microsoft account details.

The owner of a Microsoft OneDrive account gets 5 GB of free disk space to store any information. To get extra volume, you have to pay extra. The maximum is 5 TB and costs 3,399 rubles per year; however, this package includes not only disk space but also the Office 365 application suite (Home edition). More affordable tariff plans are 1 TB (2,699 rubles per year, storage and Office 365 Personal) and 50 GB (140 rubles per month, storage only).

Additional features of all tariffs:

  • Support for other operating systems: Mac OS X, iOS and Android.
  • View and edit documents using the built-in Office applications.
  • Remote access to everything on the computer (not just OneDrive folders) that has the service installed and uses your Microsoft account.
  • Creation of photo albums.
  • Built-in messenger (Skype).
  • Creation and storage of text notes.
  • Search.

Only paid versions:

  • Creation of links with an expiration date.
  • Offline folders.
  • Multi-page scanning with saving documents to a PDF file.

In general, the service is not bad, but sometimes there are problems with logging into the account. If you use the web version of the storage (through a browser) and access it from a different IP address than before, Microsoft will sometimes run a check that the account belongs to you, which takes quite a lot of time.

There were also complaints about the removal of user-generated content from OneDrive - when Microsoft suspected that it was unlicensed.

DropBox is one of the oldest cross-platform cloud storages. Unlike the previous one, it supports all major operating systems, as well as some rarely used ones, such as Symbian and MeeGo. The service is very easy to use and works quickly and stably.

For free, a DropBox user is provided with only 2 GB of disk space for storing personal files, but this amount can be doubled by creating a second, work account (which can actually be personal) and attaching it to your own. Together you get 4 GB.

Switching between the personal and work disk space on the DropBox website and in the application is done without logging out of your account (you do not need to enter your login and password every time). On the computer, a separate folder is created for each account, 2 GB each.

DropBox, as expected, also has several tariff plans. The free one was mentioned above; the paid ones are "Plus" (1 TB, $8.25 per month, designed for personal use), "Standard" (2 TB, $12.50 per month, business), "Advanced" (unlimited, $20 per month per user), and "Enterprise" (unlimited, custom pricing). The differences between the last two are in the set of additional options.

In addition to storage, free users have access to:

  • The DropBox Paper service for collaborative work on documents.
  • Ability to share links and create shared folders.
  • Log of file changes with the ability to restore a file to a previous version (up to 30 days).
  • Commenting on files - both your own and other users, if the file is available for viewing.
  • Search function.
  • Receive event notifications (configurable individually).
  • Automatically upload photos from the camera (by the way, for enabling this option some time ago, DropBox provided users with additional space).
  • Choice of full or selective synchronization.
  • Data encryption during storage and transmission.

The possibilities of paid tariffs can be listed for a very long time, so we will note only the main ones:

  • Remote destruction of data from DropBox on a lost or stolen device.
  • Link expiration date.
  • Two-factor account authentication.
  • Setting access levels to different data.
  • Enhanced information security class HIPAA / HITECH (secure storage of medical records).
  • 24/7 technical support.

DropBox, if not the best, then a very worthy service. Despite the small amount of free space by today's standards, it is used by millions of people around the world.

Mega (Megasync)

As you can see from the description, Amazon Web Services is focused only on the corporate sector and is not intended for storing albums of cat photos, although it is possible that someone uses it for that as well. After all, the Amazon Glacier cloud file storage, like Yandex Disk, provides users with 10 GB for free. Additional volume costs $0.004 per GB per month.

Comparing Amazon Glacier to the web resources described above is perhaps incorrect, as they serve slightly different purposes. The functionality and capabilities of this service are determined by business objectives, including:

  • Uninterrupted operation, increased reliability.
  • Compliance with enhanced data protection standards.
  • Multilingual interface.
  • Unlimited volume (extension for extra charge).
  • Ease of use and flexibility of settings.
  • Integration with other Amazon Web Services.

Those who are interested in Amazon's capabilities can check out the full AWS product documentation, which is located on the official website.

Mail.ru

It occupies the second or third place in the popularity rating of file web storages among the Russian-speaking audience. In terms of its set of features, it is comparable to Google Drive and Yandex Disk: like them, it contains web applications for creating and editing documents (texts, tables, presentations) and a screenshot tool. It is also integrated with other Mail.ru projects: mail, the My World and Odnoklassniki social networks, the Mail.ru Dating service, and so on. It has a convenient file viewer with a flash player and is also very affordable (for those who do not have enough allocated space).

The Mail cloud has 8 GB of free storage space (this figure has changed several times in the past). The premium plan for 64 GB costs 690 rubles per year. For 128 GB you will have to pay 1,490 rubles a year, for 256 GB - 2,290 rubles a year. The maximum volume is 512 GB, it will cost 3,790 rubles a year.

The other functions of the service are not much different from those of similar services. These are:

  • Shared folders.
  • Synchronization.
  • Built-in search.
  • Ability to share links.

The Mail.ru client application runs on Windows, OS X, iOS and Android.

Samsung Cloud is a branded web service for owners of smartphones and tablets from the same manufacturer. It is designed to store backup copies of data from mobile devices: multimedia content, OS files and other things at the discretion of the user.

The Samsung Cloud client app is preinstalled on phones and tablets released after the second half of 2016 (more precisely, after the release of the Samsung Galaxy Note 7). Registering an account on the service is possible only through it, apparently to screen out outsiders.

Free storage is 15 GB. An additional 50 GB costs $0.99 per month, and 200 GB costs $2.99.

iCloud (Apple)

iCloud is a favorite among cloud storages for users of Apple products. No wonder: it is free (though not very roomy) and is integrated with other Apple services. The service is designed to store backup copies of data from the iPhone, iPad and iPod, as well as user media files, mail and documents (the latter are automatically synchronized with the contents of iCloud Drive).

Free iCloud storage is 5 GB. Additional storage is priced at $0.99 for 50 GB, $2.99 for 200 GB, and $9.99 for 2 TB.

The iCloud client app supports Mac OS X, iOS, and Windows operating systems. There is no official application for Android, but owners of devices based on this OS can view mail from the Apple cloud on their device.

The Chinese service completes the top cloud storage parade. As you can see from the screenshot, it is clearly not adapted for you and me. Why is it needed then, if there are domestic, European and American analogues more familiar to the Russian-speaking person? The fact is that Baidu provides users with a whole terabyte of free disk space. For the sake of this, it is worth overcoming the difficulties of translation and other obstacles.

Signing up for Baidu Cloud is significantly more laborious than with the competition. It requires confirmation by a code sent via SMS, and SMS from a Chinese server does not reach Russian, Belarusian and Ukrainian numbers. Our fellow citizens have to work around this by renting a virtual phone number, but that's not all. The second difficulty is that an account cannot be registered with some email addresses, in particular those on Gmail (Google is blocked in China), Fastmail and Yandex. And the third difficulty is the need to install the Baidu Cloud mobile application on a phone or tablet, since this is what the 1 TB is given for (when registering on a computer, you will receive only 5 GB). And it, as you understand, is entirely in Chinese.

Aren't you scared? Go for it and you will be rewarded. Information on how to create a Baidu account with your own hands is available on the Internet.

Cloud storage remains a type of service that has taken root in our lives. It went through rapid growth, then a market glut when new "clouds" opened almost every week, then a recession when the same "clouds" began to close one by one. And now we have before us simply a type of service that has become established and commonplace and has passed the test of time, given the features and speed of the modern industry.

There are a lot of cloud storages. Each has its own characteristics and its own audience. Some people choose only one "cloud", others use several at once. We have chosen the ten most interesting of them. One of the criteria for this top is a free plan with free space in the cloud, so that each user can try it out for himself. No trial, just a free plan with free space.

10. pCloud

Quite an interesting and rapidly developing cloud. The cloud's blog is updated almost every week, and it is clear that the developers are actively working on it. They give 10 GB for free, and by following a few simple steps you can get a few more GB. There is a referral system that will also let you increase your free space. It is also interesting that pCloud, in addition to the monthly and annual subscription fee for advanced features, has a tariff with a one-time purchase: you pay a certain amount once and increase the volume of your cloud forever. It is hard to recall another cloud that still does this.

9. MEGA

An encrypted vault by Kim Dotcom. There were rumors that the cloud was taken away from him and about other unpleasant ups and downs in the management of MEGA, but this does not prevent the cloud storage from developing and continuing to exist. The cloud is built on a fairly high level of encryption; for more comfortable work with the web version, it is better to install a special browser extension so that decryption goes much faster. There are applications for all popular operating systems. The main thing that attracts many is that MEGA gives 50 GB on the free plan. That was the volume at the start, and it remains so to this day.

8. MediaFire

One of the oldest services in this top. It works well but develops rather slowly. There is no desktop version, so you have to use the web version, but the mobile applications are in good order.

MediaFire started as a file hosting service, but in time recognized the decline of such services and repurposed itself into cloud storage. Old users and those who caught the promotion have 50 GB of free space; the rest are given 10 GB, but from time to time it becomes possible to increase the amount of available space for free.

7. Box

Another cloud storage that has stood the test of time. Box was originally focused on business, and this has allowed it to survive to this day and keep a dedicated user base. They give 10 GB for free, and sometimes there are promotions to get 50 GB of free space. However, the free plan has many limitations. All these restrictions are removed if you switch to a subscription.

6. Cloud Mail.Ru

The Mail.Ru Cloud was launched with 100 GB of free space, then there was a promotion where you could get 1 TB for free, then the volume was significantly reduced, and on new accounts they give a meager amount of space. The cloud has received a built-in audio player, integration with Office Online and continues to receive new features and support for new formats, but instability with free volume does not allow it to rise higher in the rankings.

5. Yandex.Disk

Cloud storage from Yandex that is surprisingly stable in terms of volume. At launch, they gave 10 GB of free space. Several years have passed, and the 10 GB is still there, but there are constant promotions in which you can either get free volume temporarily or increase the cloud on a permanent basis. Add to that support for a large number of formats, integration with Office Online and continuous development of the applications.

At the end of 2017, the Disk also stood out and. Everything that you upload to Yandex.Disk from your phone is not counted toward the total volume. Apparently this is not a temporary promotion, since no end date has been given. There are also no size restrictions, which makes this option even better than what Google Photos offers.

4. iCloud

If you love Apple technology, then you must have come across this cloud storage. Many applications work through it, and backup and synchronization go through it. You can also use iCloud as ordinary cloud storage. Add Apple's bolted-on office suite and a Windows app, and you have a pretty decent cloud storage with a dedicated fan base.

But if you do not use Apple products, any other cloud storage in this top will be a better option for you, as it will give you more possibilities.

3. Dropbox

It is Dropbox that is considered the service that started the "explosive" growth of cloud storage. Dropbox was one of the first to popularize this type of service, and although it is not going through its best times now, the service continues to develop and gain new features. Free Dropbox gives only 2 GB. Promotions to increase the free volume have not been held for a long time, and the restrictions of the free plan prevent full use of the cloud. Unfortunately, Dropbox no longer measures up to the ideal cloud storage.

2. OneDrive

Cloud storage from Microsoft. It is tightly integrated with the Office Online suite, which is also integrated into other cloud storages with Microsoft's consent. By default, it is built into Windows 8.1 and Windows 10. Format support is also quite extensive. Working in this cloud, many users can safely give up the full-fledged Microsoft Office or Microsoft Office 365 package, which provide only extended features for more professional tasks.

When you purchase a Microsoft Office 365 subscription, you also get 1 TB of OneDrive space as a bonus. So many simply do not expand the volume of the cloud on a paid basis, but simply purchase an Office subscription, and at the same time increase the cloud space.

1. Google Drive

Cloud storage from Google supports the largest number of file formats, which can be extended with optional cloud extensions. Small office documents, as well as photos and videos at low resolution, do not count toward the available space in the cloud. And this space is 15 GB.

The cloud is integrated with the Google Docs cloud office suite, which has a simple and user-friendly interface, which is why many prefer to use it as their main office suite. Recently the Google Drive and Google Photos apps were merged into one app called "Google Autoload and Sync". There were rumors about an application for Linux, but so far many continue to use unofficial clients, and this is almost the only serious drawback of the leader of the current top.

How and where to store your data? Someone uses flash drives, someone buys packs of hard drives and equips their own home storage, but there is an opinion that the safest place to store data is in the cloud. And this opinion is well-founded.

Cloud storage providers currently offer you the most advanced solutions in terms of your data security and management. Of course, you can make such loud statements as much as you like, but here are the arguments:

Data in safe “paws”

What is the user worried about? About personal data: card and phone numbers, information about actions, and so on. The cloud is like the Presidential Administration: a bunch of guards, CCTV cameras and locks.

No matter how far away the boss's laptop is with the data of all employees, it is still easy to get to it by hacking into the network to which it is connected. Now draw a conclusion why a cloud protected and scanned around the clock by various security tools is more reliable than your physical media.

All data in the cloud is carefully encrypted, so even after gaining access to it, an attacker will have to deal with this:

Backup in the cloud - automatic and permanent, so even the angry "lady" with whom you broke up yesterday is not able to destroy your collection of German films, which you have been cataloging since the distant 90s.

Security at your fingertips

If you are, for example, a software developer working on your own application, then you probably update it often, because without updates it becomes dead weight. Each new version involves code debugging, and during this very important process vulnerabilities are introduced that can give an attacker access to the personal data of your users. The cloud can solve this problem thanks to its features:

  • The administrator can define the rights and roles of each user who works on the project
  • Automation of some processes eliminates the human factor: accidental or deliberate damage to the release code
  • Various utilities like Amazon Inspector scan the system around the clock looking for gaps
  • Any actions are secretly recorded in the log file - total control is provided

Google is reading my emails!

Numerous rumors that Google and Amazon employees gather at a round table every day and begin to read users' private messages are nothing more than rumors. This is not why companies spend millions of dollars maintaining cloud infrastructure.

All files are stored on several hard drives that recover on their own. Moreover, one file can be divided into parts on different disks.

In the end, the advantage of the cloud comes down to minimal human involvement, which in itself guarantees impeccable security. Think for yourself: which is more likely to fail, your hard drive or the whole cloud system, in which such drives are used as consumables and are constantly replaced?