|By Jim Liddle||
|January 6, 2014 08:00 AM EST||
The recent PRISM Data snooping controversies have heightened almost every companies awareness of the potential vulnerabilities of data stored off-premise in the Cloud. Many Cloud Storage companies talk about encrypting data ‘at rest' but the real issue is that the storage companies control the encryption rather than the company whose data is stored controlling the private key.
Ask yourself these questions?
- Are you comfortable not controlling your own file encryption?
- Do you have sensitive data you wish to store in the cloud that you do not want to have your file sharing vendor have access to?
- Do you have data that absolutely must have controlled encryption from a legislative view point?
- Do ypu trust your vendor not to provide a ‘back door' to the NSA?
So what can you do to protect your data ?
- Consider desktop encryptors such as TrueCrypt and BoxCryptor. Click here for a detailed guide of using BoxCryptor with Storage Made Easy.
- Consider an alternative non tracking search engine such as DuckDuckGo. This enables anonymous searching and offers other privacy features.
- Consider using an anonymous proxy that hides your IP address. Tor (originally short for The Onion Router)is free software, available for desktop and mobile clients, for enabling online anonymity. Tor directs Internet traffic through a free, worldwide volunteer network consisting of thousands of relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis.
- Do not forget that there are many ways to identify you, even if the IP address is ‘randomized'. Either Delete your browser cache, history and cookies etc or consider using anonymous browser sessions or extensions or add-ins that prevent browser cookies or tracking.
- Consider the locality of your data. If you are in the UK or EU do you really want your data hosted in the US and subject to the Patriot Act. If you are in the US (or anywhere in the world) consider point 2 strongly. Private Cloud can offer just as many benefits as public cloud.
Among many other, one of the many services that the Storage Made Easy Cloud service provides is an encryption service that can encrypt data uploaded to remote Cloud Storage. As SME supports around 45 cloud storage vendors this means that all of these are able to take advantage of private key encryption for some or all data. This private key is not stored by Storage Made Easy. If you lose it, or forget it, you cannot get access to your data.
SME uses AES-256 encryption using the Rijndael cipher, with Cipher Block Chaining (CBC) where the block size is 16 bytes. The cipher Rijndael consists of:
- an initial Round Key addition
- a final round.
The chaining variable goes into the "input" and the message block goes into the "Cipher Key. The likelihood of recovering a file that has been encrypted using our encryption is fairly remote. The most efficient key-recovery attack for Rijndael is exhaustive key search. The expected effort of exhaustive key search depends on the length of the Cipher Key and for a 16-byte key, 2127 applications of Rijndael.
Once files are encrypted in this manner they can be accessed by an of the comprehensive SME desktop (Mac, Windows, Linux) or mobile tools (Windows Phone, iOS, Android, BlackBerry). When an encrypted file is accessed the user is prompted to provide the private key phrase before the file can be opened.
Any AES-256 decryption tool that supports the Rijndael cipher with 16 byte blocksizes can be used to un-encrypt files. For example the popular freeware file manager Total Commander has a free plugin to handle such decryption.
Standalone desktop decryption tools are also provided by Storage Made EAsy in the event encrypted files are downloaded direct from remote clouds rather than via the SME service. These tools enable the desktop decryption of files using the private key that was set on upload. These Apps are available for Mac, Windows and Linux Operating Systems from the SME Cloud Tools page.
What we have outlined so far is with regards to the Storage Made Easy SaaS hosted service but SME also provides this service as an on-premise Cloud Control service that can reside behind the corporate firewall. It enables the ability to keep very sensitive data behind the corporate firewall but still enable secure file sharing and at the same time offers the ability to encrypt data that is stored on remote cloud storage and other SaaS services.
An often trotted out phrase is that "if you are doing nothing wrong you have nothing to fear". With that simple phrase vanish personal freedoms and liberties built up over hundreds of years from the likes of Thomas Paine onwards.
Post Syndicated and adapted from the Storage Made Easy Blog.