Cloud storage services like Dropbox, Google Drive, and others are so convenient. You can toss files into cloud storage and access them from anywhere, or you can share them with friends. Oh, it’s true that a breach left Dropbox data vulnerable in 2011, and again in 2012, but apparently the alleged breach in 2014 was a hoax. Not feeling reassured? DataLocker SkyCrypt will encrypt all of your cloud-stored files so smoothly you’ll hardly know it’s doing anything.
Your $39.99 purchase gets you the product and a year of updates. You can keep using it as long as you want, but after that first year you won’t get automatic updates unless you renew. This isn’t like an antivirus product that needs updates to function; most users will probably opt not to renew. There’s also a 30-day free trial option. Don’t worry about losing your files when the trial period ends. The product keeps working; it just goes into read-only mode. You can view and access existing files, but can’t encrypt new ones.
At first launch, the program offers a simple three-step process to create an encrypted folder in one of your existing cloud-storage services. If you haven’t already, you must install that service’s local client, the one that makes your cloud folder appear as if it’s a local folder. The product is fully compatible with Dropbox, Google Drive, SkyDrive, Box, and Amazon Cloud Drive, as well as “other popular cloud-storage providers.” If your cloud provider offers a utility to make cloud storage appear as a local folder, it’s supported.
The first step to creating a SkyCrypt drive is to select which cloud service you’ll use. SkyCrypt scans to see which are available and only enables those possibilities. You can also choose any local folder, or any cloud folder that appears as a local folder.
Next you’ll define a strong password to protect your SkyCrypt drive. By default, the program will remember this password, so you don’t have to type it in again. If you un-check that box, you’ll need to type in the password each time you mount the drive. SkyCrypt insists on at least six characters for your password, and it rates password strength as you type. Don’t settle for the minimum; keep going until it says your password is strong.
Note, too, that if you forget the password, your data is hosed. By design, DataLocker has no way to recover a lost password. That way they can’t be forced by the government to turn over your files. DigitalQuick offers a similar service, but the company retains the encryption keys. That’s a bummer for security paranoids.
The third step is to assign a drive letter to your SkyCrypt drive and decide whether it should be mounted automatically when SkyCrypt launches; this option is checked by default. Most users should also leave the option to encrypt filenames turned on. That way, in the event of a breach, the attackers won’t get any clues about the nature of your saved files.
There’s one optional final step after you’ve created the drive, and that’s to back up the security token for this drive. I don’t see why this is optional, as you will really need that backup in a variety of situations. You can install SkyCrypt on up to three computers, but you’ll need this token to open the folder from a different computer. You also need it if you plan to share folders or files with other SkyCrypt users.
Once you’ve configured your cloud-based SkyCrypt drive, using it is just like using any other folder. Any file you drop into that drive is encrypted automatically, though to you it doesn’t look any different. When you launch a file, or copy it from the SkyCrypt drive, it gets decrypted automatically. And you can create as many SkyCrypt drives as you need. Simple!
There’s a certain similarity between this product and HP Trust Circles. In both cases, as far as the user is concerned, the encryption and decryption process is totally invisible. HP Trust Circles is specifically designed to allow file sharing between “circles” of users, so that even if an emailed file goes astray or a USB-resident file gets lost, the data isn’t exposed.
Layer Upon Layer of Security
If you accept all the defaults, SkyCrypt is secured only by your Windows account password. That means that if you leave your desk without logging out or locking the desktop, a spy or nosy co-worker would have full access to your encrypted files. Depending on your needs, you can put a variety of obstacles between that spy and your secrets.
Start by opening up properties for your SkyCrypt drive and un-checking the box that tells it to remember your password. Now nobody can mount the drive without knowing the password. You may want to also uncheck the box that automatically mounts the drive when SkyCrypt launches, especially if you have multiple encrypted drives. For even greater security, unmount any drive you’re not actively using.
You can also require an overall password for SkyCrypt—a strong one, of course. If you’re careful to shut down SkyCrypt when it’s not in use, you’ve created another barrier to keep out spies.
Still worried? It’s easy to enable two-factor authentication using Google Authenticator. Just load the app on your smartphone, scan the barcode displayed by SkyCrypt, and enter the verification code displayed on the phone. From now on, launching SkyCrypt will require a Google Authenticator code. You can use this instead of or in addition to the master password.
Sharing Files and Folders
As far as using your own files goes, SkyCrypt is totally transparent. You don’t see any of the magic happening. But if you want to share those files with others, it’s not quite as simple.
To start, you can only share with other SkyCrypt users, and that means you can only share with Windows users. The recipient can install a free trial that’s fully functional for 30 days and reverts to read-only mode after that time. In a business setting, the boss might decide to equip everyone in the office with a copy of SkyCrypt. Home users who frequently need secure file sharing might be better off with the free HP Trust Circles.
To share an encrypted folder, you start by sharing access the way you would any other cloud folder. Next, securely transmit that security token you saved to the recipient, along with the password for the SkyCrypt drive that holds the file. Don’t put the token in an unencrypted cloud folder; find another way!
The recipient treats the shared folder as an existing SkyCrypt drive and unlocks it using the security token and password. That’s it; now the recipient has full and transparent access to that folder.
Sharing a single file is relatively awkward. My DataLocker contact explained the process. “You zip up the file and token and email it to recipient. They then need to create a new local folder, unzip the files and open the folder with SkyCrypt. If you want this file to have a different password than your own, you need to change your password beforehand and then change it back after.” This seems significantly awkward. He did note that the next major release of SkyCrypt will include an automated process for sharing files.
I must admit, I don’t much like the idea of transmitting that security token and password to share a folder. It seems to me there’s a chance for a malefactor to intercept that information. On the other hand, said malefactor would also have to breach your cloud storage in order to make use of the captured credentials. I definitely wouldn’t use the single-file transmission method described here. Just put the file in its own folder and share that folder.
SkyCrypt encrypts files on your system using 256-bit AES encryption that’s FIPS 140-2 certified, meaning it’s suitable for military use. It uses Cipher Block Chaining, which means that decrypting each block of data is dependent on decrypting all previous blocks, so a brute-force attack that somehow managed to decrypt one block would gain just that—one block.
The encrypted data travels via a secure connection to your cloud folder, and nowhere else. SkyCrypt doesn’t store it. When you need to open or copy one of your encrypted files, SkyCrypt downloads the encrypted file over a secure connection and decrypts it on your computer. I didn’t observe any slowdown from the encryption process.
All encryption and decryption happens locally, using your locally-stored security token. If you forget your password, DataLocker can’t do anything for you. As noted, this also means they can’t be forced to turn over your data to any government agency. It’s a proper zero knowledge arrangement.
DataLocker SkyCrypt is a great solution for protecting files that you keep in cloud storage. The process is completely transparent; you never have to think about encryption or decryption. And you can decide how many layers of security to employ. You can set up folder sharing with other SkyCrypt users, but sharing individual files is awkward and potentially insecure. This is a good solution for the consumer, perhaps not as good for business.
|Tech Support||Telephone, email, live chat|
|OS Compatibility||Windows Vista, Windows XP, Windows 7, Windows 8|
|Type||Business, Personal, Enterprise|
Copyright © 2012 Ziff Davis, Inc