Security Experts:

Connect with us

Hi, what are you looking for?


Cloud Security

Top 5 Security Challenges of Cloud Storage

Boston based Nasuni, a company that helps customers secure data stored with cloud storage providers such as Amazon AWS and RackSpace Cloud, this morning shared some ways to address data security in cloud based storage environments.

Boston based Nasuni, a company that helps customers secure data stored with cloud storage providers such as Amazon AWS and RackSpace Cloud, this morning shared some ways to address data security in cloud based storage environments.

Cloud-based storage as a service includes inherent vulnerabilities, but Nasuni notes that this should not prevent a business user from taking advantage of the economies and flexibilities that come with cloud computing.Encrypting Files in the Cloud

Five Ways to Address Storage in Cloud Environments:

1. Data Leakage: Many businesses that would benefit significantly from using cloud storage are holding back because of data leakage fear. The cloud is a multi-tenant environment, where resources are shared. It is also an outside party, with the potential to access a customer’s data. Sharing storage hardware and placing data in the hands of a vendor seem, intuitively, to be risky. Whether accidental, or due to a malicious hacker attack, data leakage would be a major security violation. The best strategy is to assume from the start that the cloud vendor is compromised and send only encrypted files to the cloud. Use the strongest encryption that you can; anything less is not worthwhile. Don’t depend on the cloud provider or an intermediary to encrypt those files for you – then they’ll be able to decrypt them as well, and you’ll have to rely on trust. With the cloud, all data and metadata should be encrypted at the edge, before it leaves your premises. The only person to trust is yourself.

2. Cloud Credentials: Even encrypted data can be vulnerable if your files are pooled in with those of another customer. Access to a given pool of storage is based on credentials, and if you are lumped together with another set of customers and share the same credentials, there is a risk that one of them could obtain those credentials and access your data. They would not be able to decipher it, assuming it is encrypted, but they could delete the files. By securing your own unique credentials, however, your files will be separate. No one else will be able to log into your account and delete your data.

3. Snooping: Files can be vulnerable in the cloud, but there are also risks during data transmission. Strictly speaking, encrypted files do not need to be sent over a secure line – this amounts to double encryption. But it is best to assume the worst and guard against any measure of snooping by only sending and retrieving data over a secure line. This prevents against someone seeing cloud metadata. Data and metadata should be completely opaque on the wire and in the cloud. Nothing – no filenames, timestamps – should be decipherable once it leaves your premises.

4. Key Management: This has to be addressed properly because if you botch key management, there is a risk that users will not want to activate the cryptography, which then compromises security. Key management should be so simple that users are not even aware of it: Encryption should be automatic. There should be no way to turn it off. This way, if there is no insecure mode, then there is no chance of someone accidentally sending unencrypted, vulnerable data to the cloud. Keys should also be securely escrowed, and difficult to retrieve, so that no one can obtain that key to access your data. Ideally, you would escrow this key yourself, but Nasuni also offers customers secure key escrow.

5. Performance: A strong security strategy is a necessity, but it should not seriously impact performance. Encryption of data being sent to the cloud, and decryption of files called back from the cloud, should happen with little or no impact on the user experience. Ideally, it should all happen without the user noticing a thing.

Nasuni keeps data secure by acquiring unique cloud credentials for each of its customers, and ensuring that all data is completely opaque over networks and in the cloud. Using OpenPGP, a popular encryption standard, Nasuni software encrypts all data and metadata before sending it to the cloud, and transmits it securely over the internet. The system also masks filenames, file sizes, timestamps, and more – data and metadata are completely opaque. Keys are securely escrowed and encryption is automatic: The Filer can only send encrypted data to the cloud. Finally, by using the AES-256 cipher, the Filer is able to encrypt and decrypt data quickly, ensuring that users enjoy strong security without sacrificing performance.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.


Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Cloud Security

Orca Security published details on four server-side request forgery (SSRF) vulnerabilities impacting different Azure services.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...