A common misconception is that data stored in the cloud is secure if the system uses SSL and the website address starts with https://.
The padlock means that the site has a digital certificate, and that data sent between your PC and the site will be encrypted. It does not mean that any data stored on the site is encrypted or protected. If you are using one of the many cloud storage systems, such as Office 365 or Dropbox, what does this mean for you? That depends on what type of data you are storing in the cloud.
If someone were to capture the data flowing between you and the datacentre that houses the storage solution you are using, the encryption would make it very hard for them to reconstruct the data into anything meaningful.
The scenario above is unlikely to happen to most companies because you would need to be the target of a focussed attack. What is more likely is that your credentials will be stolen, the attacker will gain access to your account, and all your data will be available to them over a secure connection. At that point it won’t matter that your data is encrypted in transit, as it will be readable to whoever logs in as you.
There is really only one option for highly sensitive data: encrypt the data within the files, so that the files themselves require a separate key to read them even if your account is compromised.
There are a number of ways this could be done. At a basic level, you could password protect all your files, which is easy for some file types such as Word or Excel. Earlier versions of Office used encryption methods that could be easily broken, but newer versions such as Office 2016 use 256-bit AES encryption, which is considered secure. This is fine if you just have a few files, but it wouldn’t be practical and would be really time consuming for folders with thousands of files.
This method really doesn’t scale well and has some inherent weaknesses when you try to use it with a team, including distribution of the password, which is often the part that gets lost or shared amongst others.
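The point made above, that a file encrypted before upload stays unreadable to someone who logs in as you, shown as an added example (not code from the original page, and not how CloudAshur works internally). The `CSE1` container layout, the function names and the sample passphrase are assumptions made for illustration; it uses Node's built-in crypto module with AES-256-GCM and scrypt.

```javascript
// Added example: encrypt file bytes locally, so cloud storage only ever holds ciphertext.
const nodeCrypto = require("node:crypto");

const MAGIC = Buffer.from("CSE1"); // constructed 4-byte format tag (assumption)

// Derive a 256-bit key from a passphrase that is never stored in the cloud account.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32); // default scrypt cost parameters
}

// Layout: MAGIC(4) | salt(16) | iv(12) | tag(16) | ciphertext
function encryptForCloud(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every file
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  cipher.setAAD(MAGIC); // bind the header tag to the ciphertext
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, salt, iv, cipher.getAuthTag(), body]);
}

// Throws if the passphrase is wrong or the stored blob was modified.
function decryptFromCloud(blob, passphrase) {
  if (blob.length < 48 || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error("not a CSE1 container");
  }
  const salt = blob.subarray(4, 20);
  const iv = blob.subarray(20, 32);
  const tag = blob.subarray(32, 48);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", deriveKey(passphrase, salt), iv);
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(48)), decipher.final()]);
}

// Constructed sample: this is all that someone logged in to the storage account would see.
const sampleBlob = encryptForCloud(
  Buffer.from("Payroll Q3: constructed sample data"),
  "correct horse battery staple" // constructed passphrase
);
console.log(sampleBlob.toString("base64"));
```

The blob is what gets synced; the passphrase has to reach colleagues by a separate channel, which is the distribution weakness described above.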
The CloudAshur solution we are starting to use allows the user to encrypt selected files and folders. The encryption chip inside the USB stick would normally encrypt the data stored on the stick itself, but in this novel approach the chip is used to encrypt files stored in other systems.
The system uses military grade encryption, which is more than enough for most companies. The AES-XTS or AES-ECB 256-bit hardware encryption, with a FIPS PUB 197 certified USB 3.0 encryption controller, is extremely secure.
If you need to protect data in the cloud, please contact us and we can look at your requirements and advise on the best way of protecting your data.