On the flip side, the cloud service provider must hold the decryption key in software, unlike a laptop, which has a hardware chip (Trusted Platform Module) designed specifically to protect it. This means that a hacker who has gained unauthorized access to the cloud service could conceivably acquire the decryption key and gain access to your encrypted data. It is hence important to understand that data encrypted at rest in the cloud is a world of difference from encrypting the data on a TPM-enabled laptop.
To enhance their security, some Web services make it a point to not hold the decryption key. For example, both the Chrome and Firefox browsers use a scheme in which data is encrypted with a key derived from the user password before upload to the cloud. Moreover, cloud storage services such as SpiderOak have architected their services so that the decryption key is accessible only to the account owners.
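The pattern described above, as an added example that is not code from Chrome, Firefox or SpiderOak: the key is derived from the password on the user's device and only ciphertext is uploaded. The choice of scrypt and AES-256-GCM, the parameters, and all function names are assumptions made for illustration; it runs on Node.js with the built-in crypto module.

```javascript
// Added example: client-side encryption with a password-derived key.
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Derive a 256-bit key from the password. scrypt is memory-hard, which slows
// offline guessing against a stolen record. Cost parameters are illustrative.
function deriveKey(password, salt) {
  return scryptSync(password, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Runs on the user's device. Only the returned record is uploaded; the
// password and the derived key never leave the device.
function encryptForUpload(password, plaintext) {
  const salt = randomBytes(16);  // per-record salt, stored beside the ciphertext
  const nonce = randomBytes(12); // unique GCM nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Also runs on the device, after the record is downloaded again.
function decryptAfterDownload(password, record) {
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, record.salt), record.nonce);
  decipher.setAuthTag(record.tag);
  // final() throws if the key is wrong or the record was modified in storage.
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
}

// What anyone holding only the stored record can do: guess passwords.
function tryDecrypt(password, record) {
  try {
    return decryptAfterDownload(password, record);
  } catch {
    return null; // authentication tag check failed
  }
}

// Constructed sample data.
const record = encryptForUpload('correct horse battery staple', 'bookmarks: https://example.com');
console.log(tryDecrypt('correct horse battery staple', record)); // original text
console.log(tryDecrypt('guess123', record));                     // null
```

Because the provider stores only the salt, nonce, ciphertext and tag, it also cannot recover the data for a user who forgets the password.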
With practically every Web service touting its encryption capabilities as evidence of its robust security, it pays to understand how encryption is implemented in order to make an informed assessment. As a general guideline, files held by cloud services that allow you to edit them from the Web browser are in all likelihood unencrypted when at rest, or encrypted with a key that is held by the cloud service.
3. Considering the cloud to be infallible
Despite the advantages it offers, there’s no myth more dangerous about the cloud than its infallibility. Cloud service providers go to great lengths to put multiple levels of redundancy in place and to ensure that all data are adequately backed up. Unfortunately, even the most brilliant engineers can make mistakes, a risk compounded by the sheer complexity of the cloud environment and the fact that cloud services are expected to be perpetually “live.”
Even Google has experienced at least one outage where multiple copies of data were corrupted, forcing it to turn to tape backups to recover data for some affected users. As it is, the batch nature of tape backups makes it highly plausible that some of these affected users could have experienced some amount of lost data – but they may not have realized it.
Technical issues aside, hacking and financial insolvency are probably the next two top reasons why cloud services fail. As we reported last year, a promising cloud service was abruptly put out of service after hackers gained access to the Amazon Web Services (AWS) EC2 control panel used to power its service.
In what appears to be an extortion attempt gone awry, critical data backup repositories and their backups were deleted as the hacker retaliated when the rightful owner attempted to regain control of the account. Unfortunately, the lack of off-site backups meant that irreplaceable data and systems could not be recovered, and resulted in the cloud service being shuttered.