SourceSome cloud storage providers who hope to be on the leading edge of cloud security adopt a "zero-knowledge" policy in which vendors say it is impossible for customer data to be snooped on. But a recent study by computer scientists at Johns Hopkins University is questioning just how secure those zero knowledge tactics are.
Zero knowledge cloud services usually work by storing customer data in an encrypted fashion and only giving customers the keys to unencrypt it, rather than the vendor having access to those keys. But the researchers found that if data is shared within a cloud service, those keys could be vulnerable to an attack allowing vendors to peer into customer data if they wanted to. The study casts doubt over these zero-knowledge clouds and reinforces advice from experts that end users should be fully aware of how vendors handle their data.
Zero knowledge cloud vendors examined by the researchers - in this case Spider Oak, Wuala and Tresorit - typically use a method where data is encrypted when it is stored in the cloud and only unencrypted when the user downloads it again from the cloud. This model is secure. But, the researchers warn that if data is shared in the cloud, meaning that it is sent via the cloud service without the user downloading it on to their system, then vendors have an opportunity to view it. "Whenever data is shared with another recipient through the cloud storage service, the providers are able to access their customers' files and other data," lead author Duane Wilson, a doctoral student in the Information Security Institute at the Department of Computer Science at Johns Hopkins University, was quoted as saying in a review of the report. View the full PDF of the report here.
A Guy
Most of the online storage solutions that I've seen only store one copy of a file. Thousands of users might be paying to store the same file, but only one copy (not counting the vendor's backup copies) is stored in the cloud. To do that, the vendor must know/use the encryption key.
It is fine to say that it would be more secure if each user had/used a unique key, but each user might end up paying more.
It is simple to me.
1. Only put your data with someone else if that is the only option you have.
2. Cloud usage is growing very fast and Cloud security isn't keep up.
3. Only you will treat your data with the proper security and tender loving care.
4. If #1 applies to you get another option.
But you can make is very hard for them to do so. Nested truecrypt volumes are pretty hard to crack. It would be simpler/quicker to just infect your computer and steal the passwords.
Is your data safe from an event like fire/flood?
If one want to protect from fire and flood it can be done.
You could choose a fire proof and water proof containers for hard drives.
I read a lot more about things being hacked that I do about floods and fires destroying data.
It would be interesting to compare the data loss numbers for hacked vs. fire/flood for private (non-business) data...
...if only such data was available.
I use Dropbox and have quite a bit of space on it for free (87GB to be precise) obtained from referrals, etc. and i would like to ask you if Dropbox is worthy of security in terms of storing things that you would not want compromised.
Dropbox has a site somewhat explaining their security here
Are the ones that you mentioned (Spider Oak, Wuala and Tresorit) better than Dropbox in a sense of encryption methods? Being that this cloud storage there is no way to be 100% secure, correct me if i'm wrong.
I'm looking for just decent encryption at the cheapest cost (If not free, even). Something that would make it worth transferring my data to another storage service and losing my 87GB
Well...
Dropbox drops the security notification ball, again
But then again, are they any different? I think you'd be well served to find out the best ways to secure your current info
6 Ways To Secure Your Dropbox Account
How To Add a Second Layer of Encryption to Dropbox
Another question is how much of that data is actually a liability to you if it was seen? Account info, tax info, etc. Does it all need to be uber secure, or could you go to extra steps to just secure that data that could harm you?
A Guy
I've actually ran across and browsed all of the articles that you've mentioned, but i appreciate you taking the time to look in to it for me.
And no, there is only 1 or 2 things that i wouldn't want people to see on my Dropbox and even those aren't major.
I was really wanting to figure out if the Cloud Storage services you recommended previously were a better way to go in terms of security, or reliability, as I've had an error occur recently with the Windows Dropbox application and lost some data.
Quote