As the months pass, it seems that Edward Snowden will always feature somehow in the news, either in his own right or as a passing comment about some scandal or other. Consequently, the NSA scandal is often brought back to people’s minds, and concerns about cloud security are revived all over again. The PRISM program shook the foundation of global confidence in the privacy of data in the cloud. Moreover, this has resulted in the unfortunate situation where both home users and businesses are shying away from migrating to the cloud. This is a shame, as the cloud makes a massive difference to both company efficiency and cost savings. Analysts have even stated that roughly $35 billion has been lost within the cloud industry as a direct result of the NSA scandal. This is on top of the recent blow felt by the cloud industry, where cloud stocks fell a whopping 26% in six weeks. So what are cloud providers doing wrong?
It has become common practice for data storage providers to explicitly state in their ‘Terms of Service’ that, much like with doctor-patient confidentiality, they legally cannot, and will not, show or give any of your data to the government unless you have been deemed a national threat. From what the reports show, this was not the case for those who had their privacy invaded by PRISM. So if the storage providers did not provide the government with the data, how did the government get it?
One theory is that the files were hacked. Oftentimes cloud storage providers aren’t as secure as we would hope. Cloud storage providers are proud of the great lengths they go to in order to protect your data. They all guarantee secure, password-protected storage with impressively high levels of encryption. For example, in this JustCloud review, we can see that they use 256-bit encryption. This is valued as among the best levels of encryption and is hailed as military grade. Many other providers only use 128-bit encryption, which is the same level that is used by banks and other major financial institutions. Now, military-grade encryption would suggest that all stored data is unhackable, so once again we are left with the question: if the files were not hacked from the datacenters, how did the government do it?
The answer lies in the file transfer. Files are only encrypted and password protected once they are stored in the company’s datacenters. However, files are at their most vulnerable while they are being uploaded to the datacenters. This is key, as your files travel across the internet with much weaker protection than they will have once stored. This does not mean that any person wanting to access your files can just steal them during transfer. Yet this was the perfect opportunity for the governmental powerhouse, with its masses of resources, to access as much personal data as it desired.
So what does this mean for the cloud storage industry? Well, many providers have adopted the practice of adding pre-transfer encryption to their storage protocol as standard. Others have taken even more precautions by triple-encrypting the files: pre-transfer, on arrival at the datacenters, and once again when they are stored.
The cloud industry is working tirelessly to optimize cloud security and, ironically enough, the time when your files are safest would be right now. With so much pressure on the government to leave private data private, as well as on cloud storage providers to ensure optimal security, your files will never have had as much care.
Natalie Lehrer is a senior contributor for CloudWedge. In her spare time, Natalie enjoys exploring all things cloud and is a music enthusiast.