Recently, data leaks and various security incidents have constantly been part of the daily news and scandals. From an end-user point of view, storing confidential data in the cloud looks like a serious risk, especially when dealing with sensitive and strategic data. Why?
Thanks to Edward Snowden's revelations, we now know for sure that government agencies have the power and the means to spy on our activity on the Internet and to access our data, no matter where it is stored. They manage to do so thanks to their state-of-the-art technologies and other "more practical" means such as secret agreements and backdoors.
Unfortunately, this isn't the only source of risk for the confidentiality of our data. For a long time we have been used to hearing about security incidents caused by software bugs, poor access control and bad security practices. These are the scenarios hackers like the most, since they can exploit existing vulnerabilities and compromise systems holding very valuable information and assets.
So everyone is wondering: how can we prevent powerful security agencies from accessing our data when it is stored in the cloud?
The first simple answer may be: well, why don't we store our data on our own premises? If we don't outsource our data and we protect our infrastructure, there is no risk. Wrong! Most of the time your network and infrastructure are far more vulnerable than a cloud provider's, so your data would not be any more secure. Cloud providers are subject to several regulations and security audits, therefore they make sure to implement all security best practices. Also, cloud providers can count on the expertise of the many security experts among their employees.
Likely, the second answer will be: ok, got it, I will outsource my data to a secure cloud provider, which will take care of encryption and enforce other security practices on my behalf. Still wrong! If the cloud provider takes care of encryption, it somehow has access to the encryption key, which means it is able to decrypt and read your data at any time. For instance, this may happen upon a formal request issued by the authorities or because of a curious employee.
Well, it looks like the only way to secure our data is to keep the encryption keys under our control, meaning that they should be stored on our premises. The encryption and decryption operations should take place on our premises as well. That's why several companies have recently proposed solutions called "cryptoboxes" or "encryption gateways". In other words, they propose to deploy a "box" on your premises which acts as an intermediary between end-users and the cloud provider. Sounds good; however, this doesn't completely solve the problem. Indeed, we still have to trust the company that produced the cryptobox: since the installed software is proprietary, there may be software bugs, security vulnerabilities, backdoors and other threats we aren't aware of. Also, most of the time, in order to preserve functionalities like search, cryptoboxes apply a somewhat weak encryption which doesn't fully guarantee the confidentiality of our data. Last but not least, as we found out recently, upon a request issued by a security agency the vendor may remotely provide access to our cryptobox (http://www.wired.com/2007/11/encrypted-e-mai/).
All this said, it looks like there is no solution out there which can truly protect our data outsourced to the cloud. But let's try to shortlist the functionalities and strengths an ideal solution should have:
- Such a solution should address not only confidentiality, but also access control, access monitoring, usage control and deduplication, functionalities for which demand is rising;
- where possible, software components, especially the ones responsible for encryption, should be implemented using standardized and well-studied algorithms: it is safer to use algorithms (e.g. AES) which are globally recognized as secure and reliable than to rely on a proprietary algorithm which is likely to contain vulnerabilities;
- encryption keys should be randomly generated, securely stored on the encryption gateway and never shared with anyone, meaning that no one except your administrator should be authorized to access them;
- as recommended by security best practices, encryption keys should be constantly updated, so that your files are never encrypted with the same key.
So what's the final solution against security agencies and crackers? Well, be aware that no solution will ever make it impossible for a powerful attacker to access your data. The only thing you can do is strictly follow security best practices, use state-of-the-art technologies and make the attack extremely costly and time-consuming. This way you push back weak attackers and have a good chance of detecting an attack while it is still ongoing. This is exactly what a good security product should do.
If you want to share your thoughts about this topic, feel free to leave a comment or drop us a line!