Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Even the most secure cloud storage may not be so secure, study finds

Brandon Butler | April 22, 2014
Some cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.

Representatives at Spider Oak, one of the vendors mentioned in the report who market having a "zero knowledge" service, said they agree with some aspects of the study's finding. Spider Oak encourages customers to use a desktop application to transfer files instead of doing so through the company's web portal. Using Spider Oak's desktop application will ensure end users are verified to unencrypt the data, eliminating the opportunity for the vendor to compromise the data. Upon signing into Spider Oak's service users are required to check a box indicating that they understand that to achieve true zero knowledge that a desktop application must be used.

SpiderOak says it hopes to allow collaboration services around its cloud platform, meaning data would be transferred within its cloud. To enable this functionality Spider Oak says it plans to use a combination of RSA secure identifications along with a key and encryption platform. It also hopes to provide users a way to securely verify the identity of whoever is viewing the files. Some vendors, like encrypted communication provider Silent Circle, use a voice recognition tool to provide this functionality, and Spider Oak says they are investigating similarly "elegant" ways to verify that data is only shared with people approved by its owner.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.