Monday, 23 December, 2024

What ensures the security of Cloud storage?


What ensures the security of Cloud storage?

Estimated reading time: 4 minutes

If youā€™re shopping for cloud storage, chances are you want a provider that keeps your files secure. What should you look out for when choosing a secure cloud storage provider? We go over a few things to keep in mind while shopping.

Note that when we say ā€œsecure,ā€ we mean that your files are safe from outside attacks, as well as from snooping by the provider itself. Sadly, not all cloud storage is created equal and finding a service that respects your right to security and privacy isnā€™t as easy as you may think.

“Secure” Cloud Storage

Quite often, cloud storage providers will attempt to lure you into signing up with them by telling you that it is secure since it has ā€˜military-grade encryption.ā€™ This is nothing but a marketer speaking, as what it refers to is the use of Advanced Encryption Standard 256 to encrypt information with the assistance of Secure Sockets Layer / Transport Layer Security used for the overwhelming majority of Internet connections.

During the creation of this document, AES-256 had not been cracked, and has not been possible to be cracked within any reasonable timeframe, so is a great protocol to implement. It is, however, sometimes claimed to be special in some way when in fact it is easy to perform, and people do perform it frequently. All kinds of services and apps use it to encode data, including cloud storage services or Virtual Private Network (VPN) services.

Data at Rest and in Transfer

When data is encrypted is much more important. Many cloud storage providers, maybe even a majority, use a two-step process. When you send data from your hard drive, they will use SSL/TLS to encrypt your data in transit, then once it arrives on their servers, decrypt it and re-encrypt it for storage using AES-256. When you download data, this process is reversed.

This may seem like a good idea at first glance, but there is an issue: for a brief time, your data is not encrypted while on the serviceā€™s server. This means that they can see what youā€™re storing and even access the files. If youā€™ve ever gotten in trouble with a cloud storage service for uploading copyrighted material (Google Drive is notorious for this), this is because they snooped.

Of course, weā€™re not going to make a stand for copyright violators, but this security architecture can be a serious issue if the provider is compromised in some way. If a cybercriminal were to have access to their servers, theyā€™d have access to your files. There is a way to fix this, though.

End-to-End Encryption

The answer comes in the form of end-to-end encryption, which youā€™ll sometimes see referenced as EE2E. As the name suggests, this process encrypts your data from one end of the download/upload pipeline to another. Your files are encrypted on your hard drive and stay that way during transit and at rest until theyā€™re back on your hard drive again.

When using end-to-end encryption, at no point can any unauthorized person access your files. If your provider somehow does experience a breach, all any hacker will find is a bunch of encrypted data which is useless without the password.

When it comes to both security and privacy, end-to-end encryption is much better than the encrypt-then-decrypt-again method. There doesnā€™t seem to be a good reason why the latter is still used, though there are indications that itā€™s less resource intensiveā€”besides letting you keep an eye on your customersā€™ files.

Zero-Knowledge Encryption

Another important aspect of cloud storage security is something called zero-knowledge encryption, sometimes referred to as zero-knowledge access. Zero knowledge in this case means that the service youā€™re using doesnā€™t know what your password is.

This means that at no point can anyone from that service access your encrypted files. More importantly, even if there is a breach, your password canā€™t be leaked because nobody knows it. Itā€™s a great system, but does have a downside: you canā€™t reset your password. Always make sure you use a password manager when creating an account with a zero-knowledge service, or you risk getting locked out permanently.

Keeping Your Files Safe

You could always manually encrypt your files before you upload them if you need to use a service that doesn’t offer E2EE, though it does add several steps to the process.


Discover more from News Round The Clock

Subscribe to get the latest posts sent to your email.

0 comments on “What ensures the security of Cloud storage?

Leave a Reply

Join The Conversation

Join Our Mailing List

Nigerian Wedding – Dolapo + Jide ā¤ļøšŸ’

GROCERIES CATEGORY

Premier League Table

The Super Eagles at the FIFA World Cup (1994-2018)

Follow NRTC on Twitter

Discover more from News Round The Clock

Subscribe now to keep reading and get access to the full archive.

Continue reading