White Hats, Black Hats, & Data Protection in the Cloud

Posted on Aug 1, 2013

Just mentioning the word “hacking” can be enough to send a wave of fear through most IT teams. With just a single breach, enterprises and businesses of all sizes could suffer intellectual property loss, stalled production, and severe damage to their brand. But in this day and age not all hackers are alike. Remember the Spy vs. Spy comics from Mad magazine? The strip featured two spies, one in black and the other in white, caught in an ongoing war of trying to capture each other. For the tech world, “black hats” are the bad guys, devious hackers that corrupt systems and steal data for fun, ideology, or personal profit. “White hats” tend to be rehabilitated hackers, sometimes called “crackers”, that help governments and businesses protect their data by finding and reporting security vulnerabilities. But instead of trusting sensitive data to hackers seeking a profit, enterprises can secure their information by exclusively storing and syncing with a private cloud service.

As hacking and cyber-attacks become more and more common, both the private and public sectors have turned to white hat hackers. Some white hat security groups, like ReVuln, have worked for governments ranging from North Korea to the United States’ NSA. ReVuln searches out network flaws and fixes them while exploiting flaws in the networks of enemy states. But trusting a firm to protect data from a nation like North Korea is more than a bit problematic when that same firm is also hired by North Korea. It’s like a real-life version of Spy vs. Spy with higher stakes and both spies on the same team. Even if white hat hackers and security firms claim to only hack for ethical and legal reasons, do governments and enterprises really want to trust their most private and unprotected data to a group that can expertly exploit it? Even if a white hat hacker ethically discloses security flaws, the fact remains that such practices leave the most sensitive information vulnerable to breach, exploitation, or leak.

One white hat hacker, Nuri Fattah, rose through the ranks to become the Senior Security Consultant for the NATO Communications and Information Agency. According to Fattah, “I put myself in the mindset of a hacker and simulate cyber attacks so that I can identify potential weak points in our systems and then set up appropriate defenses. At that time, I wanted to be challenged and find new ways to make systems misbehave. I was intrigued by how e-commerce sites guaranteed customers security on the Internet, so I started looking at how security was implemented, and how easily it could be bypassed.” Fattah found that there was a burgeoning market for people that could find security flaws with the ultimate goal of providing better protections in the end. Fattah says, “It’s basically a legal way of hacking into an environment in order to identify vulnerabilities and also to enable the decision-makers to identify the business risk to their own organization by exploiting those vulnerabilities.”

With people like Fattah moving into positions of high security, the practice of using white hat hackers doesn’t seem to be going away anytime soon. With the right protections, such hackers could prove useful for tightening security. But before trusting your organization’s data to white hats, be sure to store anything confidential exclusively on a private third-party cloud provider. That way, even white hats won’t have access to your most sensitive data. When seeking out white hat services, never hire a hacker that solicits by attacking first without your organization’s permission. These hackers, known as grey hats, straddle the line of ethical behavior and take part in practices that practically amount to holding enterprise security for ransom.

Whatever security measures your organization takes, be sure to only rely on truly private storage. Otherwise, data remains vulnerable to hackers of all hats. And if the threat isn’t coming from third-party hackers, it’s coming directly from the government. With the NSA’s controversial PRISM program still in place, some companies like Google, which have suffered from a damaged brand as a result of PRISM participation, are rumored to plan ramped-up security measures like data encryption. But such rumors have yet to be substantiated by action or even a company statement. And users should be wary about trusting data to companies that have been far from transparent about making a profit off of users.

Finding a truly protected third-party cloud service can be a challenge, as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to hacking and even governmental spying, given the recent NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.

SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue unchanged, consumers can rest easy knowing that their data is truly protected, and brands can gain diehard customer loyalty by publicly securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.
