Encryption News

Myths of cloud storage security

By 20th August 2012 April 15th, 2019 No Comments

Cloud storage explosion!

Cloud storage has exploded in the last 24 months, and has become the predominant file and folder storage mechanism globally.  Recently whilst interviewing a small service provider in the UK the director told me that their company stored over ten petabytes of data for their clients.  Most of these clients were small companies and high net worth individuals.  Interestingly enough the data was not stored in an encrypted format. A couple of questions immediately came to my mind – “What are these people storing in the cloud? Do they even know the security risks of storing their data?”. There is no clear answer, that is because these days a lot of our personal and business life is being stored in the cloud and we are not even aware of it. The data varies from Personal data to Business Critical. When we make a purchase on a site, all our data is getting stored by the e-commerce company. We use webmail applications like Gmail, Hotmail and Yahoo, again all our emails are being stored in the cloud. With applications like Dropbox and Google Drive, which make life so easy to store files, we are storing everything in the cloud. These days, we consider cloud storage as just another memory disk. Corporates are using shared cloud folders to store important corporate documents. Makes it easy to share documents. We consider the cloud more reliable than even our physical storage devices.

Seeing the need for online cloud storage, lot of ISPs and small time service providers are jumping into setting up businesses to provide cloud storage and file backups. People are literally running these businesses from their bedrooms without even the customers knowing. This is getting very scary. I have even heard people looking at others data in the cloud just to get the pleasure of peeking into others lives. This is even scarier.

Lot of cloud based applications like Kashflow and DayOne are now switching to Cloud storage instead of utilising their own servers. They are pushing the responsibility on us and we have to look into its security.

There are definitely advantages of having the files stored centrally and its insurmountable. The files are now highly accessible no matter your location and someone else is backing the files up and ensuring they are available to you were ever you go. With the ease of use and all the advantages of cloud storage, it is now unavoidable to live without it. Lot of individuals use the cloud storage as backup image of their local copy.

It is estimated that in the next coming years, cloud storage is going to get bigger and bigger. Gartner Says That “Consumers Will Store More Than a Third of Their Digital Content in the Cloud by 2016”

Why is our data not secure?

There are two types of data that we store in the Cloud. Application data and the other is documents like Word and Excel files. When we talk about Application data, they are stored in their proprietary formats and we do not have any control on their format or data security. This type of data is restricted to just application that are using the cloud storage. But most of the data that we store in the cloud are general documents like Word, Excel files and Photographs. These documents lack the basic security features in them. And since they are open formats, its very easy to crack the documents passwords that are applicable to them. Image files, unfortunately don’t have the ability to secure them.

All the Cloud storage companies claim that they encrypt our data. But do they really do that? Can we trust them? Go to google and do a search on Dropbox vulnerability and you will know what I am saying. All claim that they are very secure and safe, but the bottom line is you have to decide if you want to trust them.

How do I secure my data?

We have to live with the fact that cloud storage is going to become a predominant part of our IT infrastructure in the coming years. We have no option but to adopt to it. I firmly believe that our data is secure as long as its in our domain control or in our machines, the minute it leaves our machine, its unsecured. It depends on us now, how we secure our data.

The only way to ensure that your data is read by authorised users is by making sure some level of access control is applied to the file or folder.  Access control is like a checkpoint that verifies the identity of the individual or group and ensures that the person accessing the file or folder is in fact the person that is authorised to do so. But still you have no control on what the service provider can do with your data. Setting up access control at least provides a level of indirection and you are able to control, who all can access your data. Just by putting a password protected file does not ensure that your data is fully protected, you have to use encryption to store your files. Encryption has been used by people for thousands of years and dates back to 1900BC.  The Egyptian pharaohs used encryption to keep messages secure so only authorised recipients of the message could decrypt the message. Encryption ensures a very high level of indirection and depending on the type of encryption, it can make it near impossible to view your data.

The Galaxkey Solution

Galaxkey is a Global leader in cloud and Email security, which enables the sending, receiving and storage of secure email and documents through the Galaxkey security Platform.

The Galaxkey Document security solution compliments the Galaxkey platform with a client component enabling the securing and sharing of documents.

The security platform provides a user with an identity based security model, enabling users to use a singular unique identity for securing both emails and documents. The platform provides an excellent portal for user provisioning and deployment enabling easy identity management for corporate and consumers alike. The identities on the platform are completely secured with derivatives of user provided password; ensuring secure user access. The administrators of corporate users have full control of their corporate user’s identities and data, while users maintain complete knowledge of their identity usage through the platform.

The Galaxkey File Manager provides a easy to use tool to secure documents just on a click. All the hassles of securing is managed by the File Manager itself. The user has the ability to not only secure documents, but he can also secure and share the documents. The system automatically adds new users who are not yet registered with Galaxkey by sending them invited. The identity details required by the Galaxkey File Manager, to secure email for the recipients, are automatically and securely transferred from the Galaxkey security platform to the File Manager. This transparent functionality allows the users to use the document security without the hassle of the identity management. The File Manager enables users to secure document on the machine and also on the cloud storage.

Galaxkey incorporates the necessary security solutions to achieve a robust document solution without compromising ease of use.

 

The Galaxkey Technology

Galaxkey incorporates the necessary security solutions to achieve a robust email solution without compromising ease of use.

The Galaxkey solution incorporates the following security features when managing user identities.

1. All communication between the client (File Manager) and the Galaxkey server is always over an encrypted SSL tunnel, ensuring that the transfer of information is always secure.

2. The User uses their registered email address and password; the derivatives of these credentials are used as the user’s identity. The identity is securely managed on the Galaxkey server and secured by the authorized user’s credentials. The identity downloaded onto the user’s device is always secured using derivatives of the user’s credentials ensuring complete security.

3. File security is accomplished through the use of user’s identity. This high security mechanism is transparent to the user, thus enabling ease of use of the Galaxkey solution. The complexity of securing and transferring of identity is entirely managed by the Galaxkey server and File Manager. This functionality keeps the solution simple to use. The user writes and sends the email, in the knowledge that Galaxkey Security is working transparently in the background to secure the data.

 

Benefits of the Galaxkey Solution

Quick Deployment and Easy Operation

Galaxkey is a secured Identity based and cloud based model for quick and easy deployment both corporate and in consumer environments

Within minutes Galaxkey can be deployed within a corporate environment. Securing your documents in the cloud is as easy as installing a simple application on the client machine. Galaxkey is completely transparent, working in the background relieving the corporate and user of any identity management complexities.

 

Security Encryption

1. Galaxkey provides compliance to Government regulations and Industry mandates related to email encryption and security, audits and policy enforcements using FIPS140-2 encryption technologies.

2. FIPS 140 is a US Government standard that defines a minimum set of the security requirements for products that implement cryptography. This standard is designed for cryptographic modules that are used to secure sensitive information. The encryption modules can be safely run in FIPS only enabled environments. (Encryption strength and algorithms needs to be added here and clarified)

3. Secures the entire document content including the attachments. It does not matter what the file format is.

4. A user can secure documents using Galaxkey File Manager on a click on a button. The secure document can be secured for himself and also secured to be shared by other Galaxkey users. Only the users for whom the document is secured can access the documents.

 

Summary

There is no way we can move away from storing our data and documents in the cloud, hence ensuring that we take care of securing our own data is the best way moving ahead.