Encrypting your Cloud
October 2, 2012As with many technology developments, the past few years has seen the promotion of cloud computing go almost unchallenged. The feeling is: everybody should store their data - be it photos, music, or word documents - in the Cloud. And a growing number of people do.
"Cloud computing is the ability to access computing resources on demand from more or less anywhere," explains Gary Tyreman, president and chief executive officer (CEO) of the US-based software company, Univa.
But there are risks concerning the security your data and its vulnerability to cyber criminals.
An annual Norton Cybercrime Report suggests online crime cost the world economy an estimated $110 billion (88 billion euros) in 2011.
It also estimates that 556 million people have been victims of a cybercrime at some point during their lives. That is more than the entire population of the European Union.
Reducing risk with encryption
Encrypting your data makes it unreadable for people who aren't supposed to read it. You can usually unlock an encryption with a password. It won't make your data 100 percent safe, but encryption is a deterrent to hackers - a bit like a padlock on a bicycle.
"The encryption takes place before the data is sent to the Cloud," says Andrea Wittek, founder and CEO of BoxCryptor, a German company that offers Cloud-based encryption services. "This is necessary to protect your data and to make sure that your private and sensitive data remains private."
Wittek says encryption is especially important for companies which store financial data, employees' personal information, or proprietary secrets in the Cloud.
"The risk of a security leak or even a hacker's attack is very high as Cloud storage providers have a lot of data on their servers and that makes it a very attractive for hackers," says Wittek, whose company has customers in 30 countries.
But it can happen to individuals as well - even those who should be in the know.
Mat Honan, a staff writer for the tech magazine "Wired," had his entire digital life stolen by hackers in August. Twitter accounts, iPad, laptop and iPhone files, eight years' worth of emails and photos of his baby daughter were all stolen from his Apple iCloud account.
Sticky property rights
However, data encryption also comes with its issues.
One of those issues concerns the question of who retains the rights to the data when a third party encrypts it for storage in the Cloud.
Some companies, such as BoxCryptor, offer encryption software as a download. This means that BoxCryptor has nothing to do with the data itself - it only provides the software to encrypt it.
"The user always stays in possession of the data," says BoxCryptor's Andrea Wittek. "So, we as a company never touch your data."
But Univa's Gary Tyreman says it's trickier to determine who is responsible when data is breached or stolen.
"We see a number of organizations struggling with the intellectual property or the liability issues," says Tyreman. "The liability is if I take my proprietary data and put it into a Cloud and it gets hacked or somebody walks out the back door, who's liable for that? I think that stops a lot of companies [from using cloud storage] still today."
"Cloud providers will differ on who controls the data rights," says Mitchell Osak, managing director of Quanta Consulting. "Typically, an individual or company will retain copyright to their data. However, providers often require a non-revocable permanent license to what the user is storing in the Cloud. This is necessary for the provider to make backups, for instance, or to copy [data] from one machine to another."
More storage, more security
Cisco, a US-based network specialist, predicts cloud computing to grow twelvefold in the next five years. If that happens, the demand for more data security will also grow as more and more sensitive data is stored.
"The problem with sensitive data is that you don't know that you have sensitive data until your data gets stolen or your account gets hacked," says Wittek. "But then it is too late."