
Managing Encryption Online: Encryption Key or Security Hole?

Chandar Venkataraman

The folks responsible for data privacy carefully review their cloud provider’s encryption measures. Encryption in-transit? Check. Encryption at rest? Check. Strong encryption key? Check. They breathe a sigh of relief at the right answers, sign the contracts and upload the data. Security hole closed.

Or is it? What guarantee do you have that your cloud provider will not access your data? None. In fact, encryption key holders or hackers can easily compromise data privacy in the cloud.

  • Hackers: In 2012, the infamous group Anonymous hacked into a website that sold law enforcement equipment. The attack stole customer data and credit card numbers. The website owners initially assured their customers that the data was encrypted and thus unusable – only to discover that Anonymous had stolen the encryption keys too. The group publicly posted thousands of passwords and credit card numbers, a company and customer nightmare. Anonymous was able to act because the data and the encryption keys were not secured separately: whoever held one held both.
  • Holders: Service providers strive to provide the strongest features, internal processes, and infrastructure to guarantee data security, but none of that matters if the service provider is subpoenaed. While your service provider may not wish to hand copies of their customers’ data to a third party, a subpoena may force them to provide unencrypted copies of your files. Even a service provider with the most stringent security practices and encryption key management processes in place may have no choice. Given the recent NSA-driven concerns, the possibility that your unencrypted data could be handed over by your service provider is a real threat.

Solutions?

Service providers are not blind to the encryption key problem and they don’t want to be blamed (read: sued) for letting it happen on their watch. So they offer different options to secure your encryption keys. One common offering is to store your encryption key separately from your data and to rotate the key regularly. This is a good measure against outside intrusion, not so much against the inside. As long as your provider can access your encryption keys, they can access your data. Privacy flies out the window.

Another way that service providers offer security is by making you do it. In this case you deploy a server on your site that houses encryption keys behind your firewall. Note that the cloud provider has cleverly taken the security onus off themselves and put it squarely on your shoulders – not exactly the optimal solution for cloud backup, which is supposed to relieve you of hardware and management complexity.

Instead of these “solutions,” we strongly suggest that you use two-factor encryption key management. There is no single encryption key to be exposed or stolen because the key is separated into two parts, one residing with the user and one in the cloud.

This technology generates a unique encryption key (a token) for each user session, and the user’s network password encrypts that token. When the user signs on with an authenticated identity, the password decrypts the unique token and the token decrypts that user’s data for that session. The token is deleted immediately when the session ends. The service provider never has access to your encryption keys.
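The key flow described above, as an added illustration that is not Druva’s code and does not claim to match their implementation: a fresh random session key is minted on the user’s side, wrapped under a key derived from the user’s password, and only the wrapped form is handed to the provider. The provider thus stores a salt, a wrapped key and ciphertext, none of which decrypts without the password. The names (`start_session`, `resume_session`, `seal`, `open_sealed`) and the sample password and data are constructed for the example. The cipher is a deliberately small encrypt-then-MAC construction built from HMAC-SHA256 so that the example runs on the Python standard library alone; a real deployment would use an AEAD such as AES-GCM for the same role.

```python
import hashlib
import hmac
import os
import secrets

NONCE_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 200_000  # assumed tunable; raise for production hardware


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy keystream, used only to keep the example self-contained."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes):
    """Derive independent encryption and MAC keys from one 32-byte key."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject on any mismatch."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


def derive_wrapping_key(password: str, salt: bytes) -> bytes:
    """The user's password never leaves the client; only this derived key wraps the session token."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=32)


def start_session(password: str):
    """Client side: mint a random session key and wrap it under the password-derived key.

    Returns (session_key, record). The record is the only part the provider ever sees."""
    salt = os.urandom(16)
    session_key = secrets.token_bytes(32)
    wrapped = seal(derive_wrapping_key(password, salt), session_key)
    return session_key, {"salt": salt, "wrapped_key": wrapped}


def resume_session(password: str, record: dict) -> bytes:
    """Client side on the next sign-on: unwrap the session key with the password."""
    return open_sealed(derive_wrapping_key(password, record["salt"]), record["wrapped_key"])


def demo():
    """Walk one session end to end; returns (recovered plaintext, provider_could_open)."""
    password = "correct horse battery staple"  # constructed sample value
    session_key, record = start_session(password)
    ciphertext = seal(session_key, b"quarterly backup set")  # constructed sample data
    del session_key  # the token is discarded when the session ends

    # Everything the provider holds: record (salt + wrapped key) and ciphertext.
    # An attempt to unwrap with any password other than the user's fails the MAC check.
    try:
        resume_session("not the user's password", record)
        provider_could_open = True
    except ValueError:
        provider_could_open = False

    # The legitimate user signs on again and recovers the data.
    recovered = open_sealed(resume_session(password, record), ciphertext)
    return recovered, provider_could_open


if __name__ == "__main__":
    print(demo())
```

The point the example makes concrete is the separation the text describes: the provider’s record can be backed up, replicated or even subpoenaed, and it still yields nothing without the password-derived wrapping key, which is never transmitted.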

The result is extremely secure encryption key management that does not require the expense and overhead of providing your own key servers. You and your cloud provider can also dispense with closely monitoring employees, who understandably resent the implications.

You may have heard “What you don’t know can’t hurt you.” At Druva we think that’s nonsense. What you don’t know about cloud backup can definitely hurt you. Don’t get blindsided: download Druva’s white paper “5 Things You Didn’t Know About Cloud Backup” today.