A recent study by researcher at Johns Hopkins University questions how safe are the tactics of “zero knowledge” undertaken by some providers of Cloud storage
The study identifies serious weaknesses in the security and confidentiality of data stored in alleged “safe” clouds . According to the study , users should investigate in detail how suppliers manage their data. The cloud providers analyzed by researchers (Spider Oak, Wuala and Tresorit) typically use a method where data is encrypted when stored in the cloud and is only decrypted when the user downloads it from the cloud.
But the service providers might watch the contents of the documents if the data is shared with other user of the storage service. Usually these providers have an intermediary service that verifies the user before providing the keys to encrypt data. Researchers have found that suppliers can sometimes provide their own verification. This represents an opportunity for providers to offer false credentials that would decode the data using a very similar precedure to the attack known as “man in the middle”.
Fortunately, there are no news about commited data so far, but the possibility has been discovered and vulnerability is much greater than thought in this alleged “safe” services.
SCAPE Solutions could be of help in guaranteeing the data management is made in a safe way keeping the data encrypted at all times, avoiding sensitive data leakages and supressing those aforementioned weaknesses of “secure” cloud storage services.
NewsWise.com, Original Johns Hopkins U Study, NetworkWorld.com, JHU
Credit card details (names, credit card and social security numbers) from almost half of all South Koreans have been stolen and sold to marketing firms. The data was stolen by a computer contractor working for a company called the Korea Credit Bureau that produces credit scores.
Last december another crime was committed against Target US retail. The company says up to 70 million customers had payment card and personal data stolen from the company’s databases. These data includes card numbers, names, postal addresses, phone numbers and email addresses.
This kind of cyber-crime could be avoided or minimized applying strict security policies, saving millions of dollars in indemnifications to the companies. Solutions provided by SCAPE could be of help in guaranteeing the data management is made in a safe way, avoiding sensitive data leakages.
For the average citizen, the problem is not who spies on him or her, but to whom he or she is voluntarily transfering private data. There are doubts about how this private information should be managed and by whom.
El País, 14 – 11 – 2013
Criptonube, CloudSEEP and SafeGDocs provide solutions for automatic privacy protection, so that the data can be effectively managed and processed without transfer the actual clear-text data. This implies a full privacy protection.
Read more at (in Spanish):
Everything changed when news of the U.S. government’s PRISM spying program came to light. In an instant, we went from assuming our dealings online were mostly kept private (or as private as we wanted them to be) to knowing that virtually nothing is out of bounds, not even instant messaging conversations.
CloudSEEP, Criptonube and SafeGDocs provide effective solutions to fill this gap and fully protect sensitive data, accounting for user privacy needs and enabling secure Cloud services.
Read more at: http://news360.com/article/209987833
Francisco Ginel, director marketing of security products and services at Telefonica Digital, explains there is a big distrust towards the United States and many look for securing their data. The Snowden case is having not just political but also economics consequences for the IT companies under the American laws, mainly due to the power granted to the secret services of this country.
The Cloud Security Alliance pointed out in a recent survey from July –made to 207 companies from outside the U.S.– that more of the 56% of the companies were reticent to use services providers from that country. Moreover, a 10% of them even also cancelled projects related with it. These reservations are not only extensible to the private sector, but also some countries like Sweden or Brazil have already started taking measures to stop using their cloud services.
Some foresights predict that if there are no changes in the current legislation, many business opportunities could be lost until 2016 for a value of 25.6 billion euros. However, until the moment none of the big companies involved (Google, Yahoo…) have recognized a loss of clients.
Snowden case has caused great lessening of trust of the U.S. data storage providers, encouraging EU companies to move their data to another countries. Solutions offered by SCAPE, with CloudSEEP or Criptonube will help in keeping data safe and accessible even during its processing in untrusted environments, such as the ones based on cloud services.
Source (in Spanish): El País