We have seen that a Safe Cloud is an asset that improves the business performance of organizations and companies, but an aspect which little has been said so far is the potential to assist the economic development of countries. From this point of view, trust becomes a vital element. Microsoft has recently published a paper in wich it develops this issue.
Regulations and laws try to protect the user of the Cloud, but technological tools that allow complete trust in cloud storage services are necessary as well. SCAPE may play an important role in this regard, as it has developed effective and preventive solutions from a technological point of view.
A recent study by researcher at Johns Hopkins University questions how safe are the tactics of “zero knowledge” undertaken by some providers of Cloud storage
The study identifies serious weaknesses in the security and confidentiality of data stored in alleged “safe” clouds . According to the study , users should investigate in detail how suppliers manage their data. The cloud providers analyzed by researchers (Spider Oak, Wuala and Tresorit) typically use a method where data is encrypted when stored in the cloud and is only decrypted when the user downloads it from the cloud.
But the service providers might watch the contents of the documents if the data is shared with other user of the storage service. Usually these providers have an intermediary service that verifies the user before providing the keys to encrypt data. Researchers have found that suppliers can sometimes provide their own verification. This represents an opportunity for providers to offer false credentials that would decode the data using a very similar precedure to the attack known as “man in the middle”.
Fortunately, there are no news about commited data so far, but the possibility has been discovered and vulnerability is much greater than thought in this alleged “safe” services.
SCAPE Solutions could be of help in guaranteeing the data management is made in a safe way keeping the data encrypted at all times, avoiding sensitive data leakages and supressing those aforementioned weaknesses of “secure” cloud storage services.
NewsWise.com, Original Johns Hopkins U Study, NetworkWorld.com, JHU
Francisco Ginel, director marketing of security products and services at Telefonica Digital, explains there is a big distrust towards the United States and many look for securing their data. The Snowden case is having not just political but also economics consequences for the IT companies under the American laws, mainly due to the power granted to the secret services of this country.
The Cloud Security Alliance pointed out in a recent survey from July –made to 207 companies from outside the U.S.– that more of the 56% of the companies were reticent to use services providers from that country. Moreover, a 10% of them even also cancelled projects related with it. These reservations are not only extensible to the private sector, but also some countries like Sweden or Brazil have already started taking measures to stop using their cloud services.
Some foresights predict that if there are no changes in the current legislation, many business opportunities could be lost until 2016 for a value of 25.6 billion euros. However, until the moment none of the big companies involved (Google, Yahoo…) have recognized a loss of clients.
Snowden case has caused great lessening of trust of the U.S. data storage providers, encouraging EU companies to move their data to another countries. Solutions offered by SCAPE, with CloudSEEP or Criptonube will help in keeping data safe and accessible even during its processing in untrusted environments, such as the ones based on cloud services.
Source (in Spanish): El País