Information ownership in cloud storage services is equivalent to the knowledge of the secret cryptographic keys used to encrypt the files. If the service provider knows the keys or can deduce them, encryption does not protect your privacy and it is a waste of time and energy. Encryption is only useful when you and only you know and control the cryptographic keys used to protect (cipher) your information.

But security by encryption also depends on how that process is done. If the cryptographic algorithm is run in computers such as those we use every day, unsuspected malware can also be installed and can spy the cryptographic processes. In such a case, the spying malware can see, copy, and thus the entire secret is uncovered

Encryption and decryption processes have to run in a dedicated computer whose software is properly certified, and such a system should remain in such state of grace all the time. Those computers have to be operated following tight and simply enough procedures to assure that they do exactly what they are supposed to do and that no alien processes ruin their security.

In cloud storage services it is reasonable to worry about data being saved in a remote storage system as it might become vulnerable. There is always the possibility that a hacker will find a back door and access your data in the cloud; hackers could even steal the physical machines on which your data are stored. Even more, it is not difficult to imagine a disgruntled employee altering or destroying your data using his or her authorized credentials. In such cases, you are losing access to your data, but if they are encrypted, their confidentiality is protected. Cloud storage companies invest a great deal of money in security measures to limit the possibility of data theft or corruption; however, if they fail, you pay the consequences.

Cloud Service Providers do not guarantee security

Cloud Service Providers offer flexibility and cost savings to SMB companies

Cloud storage companies live and die by their reputation. It is in each company’s best interests to provide the most secure and reliable service as possible. And they can do it better if they reduce the amount of risk that they assume. By working with encrypted data that they cannot decrypt, storage cloud providers can concentrate on providing file good redundancy and integrity to assure their clients that no file will ever be get lost or altered. If a company cannot meet these basic client expectations, it does not have much of a chance.

Jorge Dávila

 

Share This