Who is in charge of the Internet Cloud? (Stay In Control)
October 23, 2022
Have you ever wondered who holds the keys to all of your cloud-stored data? Encryption ensures that no one else may access your data unless you provide them with the encryption keys. But where do these keys go? Who has authority over them? Where are they stored?
Finding answers to these issues can be puzzling and, at times, scary.
Data stored in the cloud is almost always encrypted and must be decrypted before an intruder can read it. However, as a cloud computing and cloud security specialist, I've learned that the location of the encryption keys varies across cloud storage services. Furthermore, there are relatively easy steps that consumers may take to strengthen the security of their data beyond what is built into the services they use.
The Cloud Encryption
Most cloud service providers offer some form of data encryption to their customers. Data protection in transit is straightforward: information is almost always encrypted while traveling (between datacenters, or between servers and user devices) using TLS or other dependable means.
When data is at rest or in use on a cloud server, it becomes more difficult to protect. Cloud providers can encrypt data on their servers, but in order to provide indexing, online reading, online collaboration, or other services, they must retain control over the encryption and decryption keys.
When cloud providers hold the encryption keys, data is at risk from an additional set of threats. Not only do companies need to worry about malicious insiders and outsiders who target their own systems, they also need to be concerned about attacks on their cloud providers. And because they can’t directly control how their cloud providers protect their data (or the keys), many organizations are unwilling to accept cloud-based encryption for their most sensitive data.
WHICH PERSON HOLDS THE KEYS?
Commercial cloud storage systems use a unique encryption key to encrypt each user's data. Without it, the files appear to be nonsense rather than useful data. But who is in possession of the key? It can be held either by the service or by individual users. Most services keep the key on their own servers, allowing their systems to view and process user data, such as indexing it for future searches. When a user logs in with a password, these services gain access to the key, unlocking the data for the user to use. It's far more convenient than having people keep the keys themselves. But it's also less secure: just like physical keys, if someone else holds them, they can be stolen or misused without the knowledge of the data owner. And some services may have flaws in their security practices that leave user data vulnerable.
LET USERS STAY IN CONTROL
Some less popular cloud services, such as Mega and SpiderOak, require users to upload and download files via service-specific client programs with encryption features. This extra step enables users to keep their own encryption keys. Users forego certain capabilities, such as the ability to search their cloud-stored files, in exchange for increased protection. These services aren't ideal; it's always possible that their own apps will be infiltrated or hacked, allowing an attacker to view your files before or after they've been downloaded and decrypted.
An encrypted cloud service provider may even embed features into its own application that could make data vulnerable. And of course, if a user loses their password, the data is unrecoverable. A new mobile app says it can keep phone photos encrypted from the moment they are taken, through transmission and cloud storage.
Other new services that provide similar protection for other types of data may emerge, but users should always be alert to the danger of information being misappropriated in the seconds after the photo is taken, as well as before the shot is taken. For maximum security, data should be encrypted before it is stored. It is advisable to combine these approaches when using cloud storage. Encrypt your data before sending it to the cloud using your chosen encryption software. The encrypted file should then be uploaded to the cloud. To regain access to it, connect to the service, download the file, then decrypt it yourself.
Of course, this prevents users from using many cloud services, such as real-time editing of shared documents and searching for items saved in the cloud. And the cloud service provider can still alter the data by modifying the encrypted file while it sits on their servers. Using authenticated encryption is the best approach to protect yourself. This approach not only stores an encrypted file, but also includes metadata that allows a user to determine whether or not the file has changed since it was produced. Finally, for those who do not wish to learn how to program their own tools, there are two options: either find a cloud storage service with downloadable software that's reliable, open source, and validated by independent security researchers, or use reliable open source encryption software to encrypt your data before uploading it to the cloud; such software is available for all operating systems and is usually free or very low cost.
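The encrypt-before-upload workflow and the tamper-detection property of authenticated encryption described above, shown as an added example that is not part of the original article and not the code of any cloud service named on the page. It uses Go's standard-library AES-256-GCM, keeps the key on the client, and simulates the provider's storage with an in-memory map (a constructed stand-in, not a real API). The object name is bound as associated data so a stored blob cannot be silently swapped between file names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// cloudStore stands in for a provider's object storage (constructed for this
// example). It only ever sees ciphertext and never receives the key.
type cloudStore map[string][]byte

func (s cloudStore) Upload(name string, blob []byte) { s[name] = append([]byte(nil), blob...) }

func (s cloudStore) Download(name string) ([]byte, bool) { b, ok := s[name]; return b, ok }

// newKey generates a 256-bit key that stays on the user's device.
func newKey() ([]byte, error) {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// seal encrypts plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// The tag is the integrity metadata that later reveals whether the stored file
// was modified; the object name is authenticated as associated data.
func seal(key []byte, name string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// open decrypts a blob produced by seal and fails if any byte of the nonce,
// ciphertext, tag or bound object name has changed.
func open(key []byte, name string, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("stored blob is too short to be valid")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(name))
}

// roundTrip encrypts locally, uploads to the untrusted store, downloads and
// decrypts. With tamper set, one bit of the stored blob is flipped in between,
// modelling a provider (or an attacker on the provider) altering the file.
func roundTrip(plaintext []byte, tamper bool) ([]byte, error) {
	key, err := newKey()
	if err != nil {
		return nil, err
	}
	store := cloudStore{}
	const name = "notes.txt" // constructed sample object name
	blob, err := seal(key, name, plaintext)
	if err != nil {
		return nil, err
	}
	store.Upload(name, blob)
	if tamper {
		store[name][len(blob)-1] ^= 0x01 // corrupt the last byte of the stored tag
	}
	got, ok := store.Download(name)
	if !ok {
		return nil, errors.New("object missing from store")
	}
	return open(key, name, got)
}

func main() {
	pt, err := roundTrip([]byte("quarterly figures"), false)
	fmt.Printf("intact:   %q err=%v\n", pt, err)
	_, err = roundTrip([]byte("quarterly figures"), true)
	fmt.Printf("tampered: err=%v\n", err)
}
```

The decrypt step refuses to return any plaintext once the tag check fails, which is the behaviour the article's "metadata that allows a user to determine whether or not the file has changed" refers to; a plain unauthenticated cipher would instead hand back silently corrupted data.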