Protecting private data on public cloud

By Scott Hamilton

As more companies and individuals begin to rely on public cloud storage for keeping their private documents and memories, finding new ways to protect this data from prying eyes is becoming an important issue. The current favorite method for protecting data on public storage is through the use of encryption mechanisms. However, there is coming a time in the near future that current encryption techniques will no longer work to protect your data.

Current encryption methods are once again reaching an end-of-life scenario. This happens when the usefulness of the data outlives the time it takes to decrypt the data. For example, if you are working on a patent application, the data in the application needs protection until the patent is filed, usually a few months. If a hacker can decrypt your data in a few weeks, your encryption mechanism is end-of-life. Up until recently I thought encryption was the only real method of protecting the data.

A few weeks ago I came across an article talking about a new technology for storing data. Microsharding involves cutting the data into miniscule pieces and spreading the pieces across multiple storage platforms. A while back, I wrote an article about how to protect your personal information on the internet. I pointed out the many ways others could access that data and invade your privacy. Encryption is great unless someone gets a hand on the encryption keys, then you might as well post it on Facebook.

There are two main problems with using encryption to protect sensitive data. The first is that someone, and usually multiple persons, have a copy of the encryption keys. This causes issues because cloud storage admin accounts have to have the keys in order to encrypt and decrypt the data, or you cannot access it yourself. If the admin account gets compromised, the attacker now has your keys and access to your data. If the key is compromised, all the data has to be encrypted with new keys. This is an expensive and time-consuming process.

I came across an article discussing ShardSecure, ran under the direction of CEO Bob Lam. ShardSecure came up with a unique way to protect data that does not involve encryption. ShardSecure instead breaks the files into multiple pieces…actually, extremely small pieces, which can be as small as a single byte. A byte usually stores a single character in a text document.

So imagine we cut up this article and place a single letter at the top of every page in the dictionary at the library. You then are provided with a key that tells you the order of the page numbers so you can reconstruct the article. It would be hard work even with the key. ShardSecure takes this to the next level and scatters the shards across multiple storage platforms. It would be like taking this article apart letter by letter and putting the letters in hundreds of books in the library. The key gets more complicated and requires that you have access to all the books.

They can even take this to the next level of keeping the shards on multiple cloud platforms, which would be like putting the parts in several libraries. This would require that you not only have access to the keys, but have access to all the storage platforms and all the storage components. Some of the components could even be held privately by the company, so it would be like keeping part of the article in the dictionary on my office shelf. You would never be able to gather all the pieces.

This removes the sensitivity of the data stored in the cloud, because there is little possibility of someone gaining access to all the necessary pieces to reconstruct the private data. Storing the shards on multiple systems also gains the benefit of increasing performance on the data access, because the parts of the file can be read simultaneously, increasing the speed of reading the data. Until next week, stay safe and learn something new.

Scott Hamilton is a Senior Expert in Emerging Technologies at ATOS and can be reached with questions and comments via email to sc************@at**.net.

Share via
Copy link
Powered by Social Snap