The old tale "The Emperor’s New Clothes" can be applied to the current state of cloud security. Like the gullible emperor, people rely on cloud services to live their online lives and are too trusting in what companies try to sell. Big cloud companies often market fancy-sounding security and encryption features -- like the invisible fabric the emperor could not see but was made to believe was there.
These cloud providers tout “the most secure” or “NSA-proof” services, but leave out the most vital detail: encryption is only one thread in the security and privacy fabric. The only way to close the loop on data privacy is to take a look at where keys are stored.
One cloud storage provider touts its server-side encryption as freeing customers from the hassle and risk of managing their own encryption and decryption keys. In reality, this leaves the user’s information vulnerable to snoops. When you aren’t managing your own keys, you don’t have control over your data.
Essentially, letting a company manage your encryption keys is handing over your protection, or clothes, like the emperor wearing the invisible wardrobe. Your data is left vulnerable to outside attacks and elements because the server or company dictates what happens to your data.
Today, many cloud service providers deliberately provide server-side security to maintain control. But server-side security requires trying to defend everywhere user data is stored: every disk, every server, every link, every router, and every database. Security is only as good as the weakest link, so it only takes one tiny mistake, vulnerability or mishandling for there to be a data breach; the Snapchat hack earlier this year is an example of what can happen.
This focus on infrastructure security is fundamentally weak. Pieces of security don’t add up to overall security. Individual “bits” might be strong (e.g., SSL for links, disk encryption for storage), but the space between the bits might be vulnerable (i.e., data coming off links or off disks is unencrypted). Hackers don’t attack individual components; instead, they attack tiny vulnerabilities between components, processes, or human control.
For cloud users to control everything “client-side,” they must make a paradigm shift from infrastructure protection to data-centric protection (where the encryption keys are held client-side rather than server-side). Client-side encryption is just like putting data in a tamper-proof box: The contents will remain protected regardless of who handles it, how the box is transported or where it is stored. The data is protected anywhere, everywhere and remains individually encrypted until the user with the key unlocks it.
[Read about an industry effort to develop a framework that provides secure connectivity from any device to cloud applications in "Cloud Security Alliance Launches Secure Network Effort."]
Client-side cryptography allows users to protect their own data with individual, per-file encryption and protect access to that data with user-controlled keys. Note that the encryption, decryption and key management are all done on the end user’s computer or device, meaning the data in the cloud only exists in its encrypted state. This level of encryptions makes the data safe from all the usual cloud risks, including hacking, rogue administrators, accidents, complicit service providers, and snooping governments.
It’s also important to emphasize document-level encryption, because if a person sends a file of multiple documents and there’s only one layer of client-side encryption, someone may still be able to break the cipher. Think of it as locking every room in the house rather than merely the front door. Document-level encryption and client-side key management gives users both security and privacy.
Privacy is user empowerment. Privacy in the file-sharing world is only possible when users can protect their data with client-side encryption and control who accesses that data with user-controlled keys. Data-centric security and privacy is holistic, end-to-end and user-to-user.
The secure file sharing industry must reject the false claims of server-side key management, or the invisible fabric of privacy, and finally provide real clothing for customer data in the form of client-side key encryption.Rick Harvey is the chief technology officer of Lockbox and an encryption expert based in Australia. As a security technologist, he's been an advisor to the government, VCs and high-tech startup companies. View Full Bio