In today's increasingly privacy-conscious world, cyber security is a hot topic; especially when we're talking about cloud storage. Businesses and individuals are rightly nervous about the safety of their personal data, and often turn to encryption as a way to help keep it safe.
But not all encryption is created equal. Many cloud services (Dropbox, Amazon S3, Box, and others) advertise that they provide encrypted storage and, although this is technically true, the server-side, at-rest encryption they offer as standard does not, in reality, do very much to protect your data.
What is encryption?
In simple terms, encryption is the process of turning information which can be read by a human being (the 'plain text') into a garbled stream of data which is unintelligible (the 'encrypted text'). These days, it is almost always a computer-driven process using two keys: a public key used to encrypt the data, and a private key used to decrypt it.
What is the problem with server-side, at-rest encryption?
The first rule of encryption is that you never share your private key. Not ever, with anyone, for any reason. The reason for this is pretty obvious: anyone who has access to your private key can decrypt and read all of your data in plain text.
With server-side encryption, you send your data to the cloud server as it is. Only once it arrives at the server is it encrypted, and it is decrypted again on the server every time you access it, before travelling back to you. This means that your private key is stored on the server, in the hands of the cloud storage company, in the same place as your data.
If someone hacks into the cloud server, they can use your encryption keys to access every byte of data you've stored. Worse, any employee of the storage company can do the same, because the keys are in the company's hands.
End-to-End Encryption
All is not lost, however. Encryption used correctly can still offer outstanding levels of protection for your data. In fact, used successfully, encryption is theoretically unbreakable.
As a responsible business owner, or even an individual looking to protect their personal data, what you should be looking for is 'End-to-End Encryption'. Also known as Zero Knowledge Encryption, this is where your data is encrypted and decrypted on your device, before being sent across the internet to the server.
The principal advantages of end-to-end encryption are 1) that you keep control of your encryption keys, because they never leave your device, and 2) that unencrypted, or 'plain text', data never leaves your device either, so nobody who should not have access to it can obtain it.
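To make the difference concrete, here is an added Python model of the two designs; it is example code written for this page, not code from any provider named on it. A toy authenticated cipher built from HMAC-SHA256 stands in for the real cipher, the provider holds the key in the server-side case while the device holds it in the end-to-end case, and server_can_read shows what someone with full access to the server (an intruder or an employee) recovers in each; the DEVICE_KEY and the sample data are constructed for the demonstration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32
DEVICE_KEY = hashlib.sha256(b"constructed demo key").digest()  # never leaves the device

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a keystream (demo construction standing in for AES)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: wrong key or modified blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

class CloudServer:
    """The provider: a blob store plus, in server-side mode, the users' keys."""
    def __init__(self):
        self.store = {}
        self.keys = {}  # filled only when the provider does the encrypting

def server_side_upload(server, user, data):
    # Plaintext reaches the server; the provider generates and keeps the key.
    key = server.keys.setdefault(user, os.urandom(32))
    server.store[user] = encrypt(key, data)

def end_to_end_upload(server, user, device_key, data):
    # Encrypted on the device first; the server only ever sees ciphertext.
    server.store[user] = encrypt(device_key, data)

def server_can_read(server, user):
    """What anyone with full access to the server (intruder or employee) recovers."""
    return decrypt(server.keys[user], server.store[user]) if user in server.keys else None
```

The same store holds both users' blobs; the only difference is where the key lives, and that alone decides whether a server compromise yields plaintext or ciphertext.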
Several commercial providers of cloud storage, including Sync.com, Spideroak, and Tresorit, offer end-to-end encryption, and you can talk to us for a bespoke solution for protecting your personal data in the cloud.