Lock it Up: Security Onsite & in the Cloud

Posted on Jul 1, 2013

After the fallout of the NSA PRISM scandal, companies have flocked to encryption services in droves. But many major enterprises still hesitate to fully protect their data. A recent Kaspersky Lab and B2B International survey of over 5,000 senior IT managers found that 35% of participating companies don’t properly encrypt data onsite, leaving massive gaps that expose sensitive consumer and corporate data to a security breach. Leaks, corporate espionage, and governmental snooping can permanently damage a brand, so companies looking to leverage technology in their favor stay ahead of the competition by encrypting sensitive data and utilizing private third-party cloud services for storage and sync.

Onsite Encryption

Encryption technology has come a long way. In 1995, a U.S. intelligence official reported that “The ability of just about everybody to encrypt their messages is rapidly outrunning our ability to decode them.” Now, the National Security Agency has developed ways to tap into central servers to mine for metadata on consumers under the guise of security protocols in the war on terror. In the controversial PRISM program, the NSA has seized, stored, and analyzed big data on millions of consumers.

But consumers and enterprises that trust their data to a truly private cloud service can have peace of mind knowing that even in the case of a subpoena or governmental snooping through PRISM, all that U.S. spies would be able to see are unreadable blocks of data. This is because encryption goes hand in hand with encryption keys, which are the catalyst for decoding encrypted blocks of data. According to the Princeton University computer scientist Ed Felten, “A key is supposed to be associated closely with a person, which means you want a person to be involved in creating their own key, and in verifying the keys of people they communicate with.” Many cloud services host plaintext data as well as encryption keys, which means that the company has access to information that some consumers and enterprises might think is private. So it’s important to choose a third-party cloud service that doesn’t store plaintext and that uses peer-to-peer encryption with keys exclusively stored on approved user devices or servers, so that the company doesn’t even have a copy.

PRISM Program

According to the Electronic Frontier Foundation’s Seth Schoen, the NSA scandal should be of concern to all users and enterprises. Some might not see any problem with governmental access to metadata such as IP addresses and phone logs, but even such seemingly innocuous information could be used to exploit and even blackmail citizens, consumers, and enterprises. And according to Justin Johnson of Late Labs, the PRISM controversy “is an important reminder that what we share online and communicate to others via technology can, and sometimes will, be seen by people that we didn’t intend to see it.” Both enterprises and consumers must be proactive in securing their sensitive data, for as John Simpson, Director of the Privacy Project at Consumer Watchdog, says, “These tech companies, and the government, know more and more about people’s private lives.”

Aaron Swartz, co-creator of Strongbox

Such a climate has sent a wave of paranoia through the web community as enterprises scramble to write truly private solutions in an attempt to win loyalty by positioning themselves as liberty and privacy advocates. One such attempt can be found in The New Yorker’s Strongbox. In an age when reporters have to worry about being monitored and whistleblowers can’t be assured of protections, Strongbox allows people to post tips and stories with a general degree of anonymity. The private uploading service operates like a private cloud and was developed on the open-source DeadDrop code by Kevin Poulsen and Aaron Swartz. Such steps show a high market demand for services that offer true data privacy and user anonymity.

Protecting Corporate and Consumer Privacy

But finding a truly protected third-party cloud service can be a challenge, as many third-party cloud services on the market have vulnerabilities that leave private corporate and consumer data wide open to third-party attacks and even governmental spying. One cloud storage and sync company that sets itself apart from the rest of the market is SpiderOak, with SpiderOak for general users and SpiderOak Blue for enterprises. This service provides users and enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy, so even in the case of a PRISM breach all the NSA would seize is unreadable blocks of data.

SpiderOak protects user and enterprise data through two-factor password authentication and 256-bit AES encryption so that all files and passwords stay private. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data whatsoever. This way, even if the PRISM program is allowed to continue, consumers and enterprises can relax knowing that their data and brand are fully protected. SpiderOak’s cross-platform private cloud services are available for users and enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.