Client-Side Encryption: The Latest Trend in Cloud Storage
Once upon a time, the United States government was a strong advocate for phone encryption. They encouraged iPhone users, for example, to take advantage of the four-digit passcode option to keep their phones more secure. Apple’s recent iOS 8 Update even took encryption to the next level: all important data, including photos, messages and more, is now encrypted by default, and not even Apple can access phones locked with a pin or password.
Recently, the government has shifted gears, claiming that advanced encryption technology like this gets in the way of proper FBI investigation. Though they deny it was intentional, the FBI recently removed cell phone encryption tips from its website, too, causing many to believe that what was once made a serious issue is now unsupported by the government.
Whether the FBI supports it or not, encryption is necessary in all realms of technology, especially when using the cloud. Many cloud storage users store personal information on their clouds and can’t take chances on this information being hacked. Sadly, hackers have proven that popular cloud storage providers like DropBox and iCloud are easily infiltrated, which shows that standard security systems offer insufficient protection.
Forward-thinking cloud storage providers should look to client-side encryption for the most advanced privacy and protection for their users. With asymmetric cryptology technology, client-side encryption is performed with a passphrase that only the user knows – even the cloud provider cannot uncover lost passphrases. The result? Military-level security for business and consumer use.
When storing sensitive data, this kind of security is necessary. By comparing and contrasting client-side encryption to end-to-end encryption, one can see that the client-side method provides more peace of mind for cloud storage users, especially when considering the high-profile hacks end-to-end encryption is responsible for.
End-to-End Encryption vs. Client-Side Encryption
Historically, most service providers have relied on end-to-end encryption, but this method is under serious scrutiny. With end-to-end encryption, data is encrypted on the sender side so that only the receiving party can decrypt it. It’s meant to keep files safe during transfer, but both ends are left vulnerable.
Client-side encryption, on the other hand, eliminates the potential for service providers to view stored data. With this method, files stored in the cloud can only be viewed on the user side of the exchange. A personal passphrase unavailable to service providers is required to encrypt and decrypt information, guaranteeing that only users can decrypt data. This zero-knowledge policy prevents unauthorized disclosure of private information, ensuring that service providers will never know the content, file names or file types of the data cloud users store. Corporate and personal data is often sensitive in nature, and it shouldn’t be blindly entrusted to simply any cloud storage provider. This gives peace of mind to both personal and business cloud storage users.
Client-side encryption users also don’t have to worry about losing stored information. This is a major concern for both consumers and businesses, and both client-side encryption and end-to-end encryption allows the owners of lost or stolen devices to preserve data that is stored in the cloud and reset passwords to ensure that personal files don’t end up where they shouldn’t. The more sophisticated client-side encryption, however, also enable users to encrypt data that is stored on their devices, not just what’s on their cloud. Either way, users have the flexibility to protect it with the same high-class encryption model.
Why Encryption Matters: Facts on the Hacks
When users are storing sensitive documents on the cloud, they want the comfort in knowing these documents stay secure. As you can see, although it’s promoted as a “safe” option, end-to-end encryption is not enough. The use of end-to-end encryption has led to several highly publicized information leaks. In September 2014, several nude celebrity photos leaked on the Internet and were ultimately linked back to the celebrity’s iCloud accounts. In response, Apple claimed it hadn’t been hacked, but eventually word got out that Apple and iCloud accounts lack the security measures to prevent hackers from simply guessing at account passwords until they gain access.
This technical issue with Apple has since been fixed, but the scandal caused many to question the security of iCloud and other providers that use end-to-end encryption. Another popular cloud storage provider, Dropbox, faced a similar incident in October 2014. A thread that contained links to files containing hundreds of usernames and passwords for Dropbox accounts was released on Reddit, giving millions of viewers access to the private information. Dropbox responded that they hadn’t been hacked, but that third party services had stolen the information and posted it online. For many users, though, the damage had already been done, and end-to-end encryption was to blame.
The most recent security scandal occurred this past November when Sony was hacked by a group identified as the “Guardians of Peace.” What was believed to be the work of North Korea in response to “The Interview,” a film that depicted the assassination of country leader Kim Jong U, these hackers stole sensitive company emails and cuts of films still in production. Though this doesn’t exactly fall under the topic of cloud storage, it’s still a great example of a large corporation losing track of security measures. It also poses the question, “If a company like Sony can’t prevent its files from being hacked, who can?”
Bottom line, end-to-end encryption can clearly still lead to information breaches. These examples are just three of several cybersecurity hacks that have occurred over the past few years. If cloud storage providers like Dropbox and iCloud had used client-side encryption instead of end-to-end, they might not have found themselves in such predicaments.
Viewing the Cloud as a Virtual Safe
Cloud storage should be ultimately treated like a virtual safe. If you’re the only person who knows the combination to your safe, you are the only person who has access to the information inside. This guarantees that the information stays safe and secure. If you give someone else the combination to your safe, that person now has access to sensitive data. Though the person may be trustworthy, there’s still a chance that the information could somehow end up in the wrong hands.
Using end-to-end encryption is like giving someone else the combination to your home safe. Even if you trust this person, you can never be 100 percent sure that your stored information is safe from unwanted intrusion. With personal information like medical records or financial documents, this isn’t the kind of risk you want to take. Client-side encryption is the safer option because only you have the passcode (or in this case, safe combination) to access your most valuable possessions.
Not all information needs to be stored in a safe, meaning not all information on the cloud needs to be encrypted. On the kitchen table at home, for example, you’ll find coupons, recipes, receipts and other everyday items that don’t need to be stored in a secure place. In a personal safe, on the other hand, you’ll find important, confidential information locked up, such as wills, bills and medical documents. When storing files on the cloud, users should be selective about which ones to encrypt. For sensitive documents that you’d keep in a safe, this added step makes sense. But for those vacation photos that you pull out frequently to share with family and friends, this step can be cumbersome.
Though not all documents need to be encrypted, having the option to do so is necessary for certain documents. Individuals can use client-side encryption to pick and choose what they encrypt and know that it won’t end up in the wrong hands. Similarly, businesses can organize important company files and store them in a safe place. When encrypting sensitive data, it’s important to do so in the most secure manner possible, and client-side encryption is the only option that offers that kind of security.
Tunio Zafer is the CEO of cloud storage platform pCloud. As a leader and manager in the cloud storage space, Tunio promotes innovation in areas such as security measures and cost to end users. Tunio encourages forward-thinking throughout his team, working toward making a significant impact on the rapidly growing IT market, for individuals and business alike.