Security Corner

Apr 26 2011   12:08AM GMT

Beware Cloud Data Storage–Pre-encrypt



Posted by: Ken Harthun
Tags:
Cloud Computing
Data Privacy
DataManagement
Encryption

Before you consider a cloud storage solution, be sure you research their policies thoroughly. I have used Dropbox in the past based on these features (from their website):

Your stuff is safe

Dropbox protects your files without you needing to think about it.

  • Dropbox keeps a one-month history of your work.
  • Any changes can be undone, and files can be undeleted.
  • All transmission of file data occurs over an encrypted channel (SSL).
  • All files stored on Dropbox are encrypted (AES-256).

Well, alright, but consider this from their privacy policy:

Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.

So, Dropbox has the keys to the kingdom unless you encrypt the files yourself before uploading. And anyone on their staff, by extension, can decrypt your data. Not good.

If you want to maintain your security and privacy, pre-encrypt everything you intend to store in the cloud. If all the service has is pseudo-random noise in the first place, that it all anyone will get.

Trust no one when it comes to your data.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: