Subscribe       Feed   All Posts     Search by Topic:

Researchers Find Security Flaw in Public Cloud File Sharing

Blog Image: 

Many public-cloud storage providers promise high levels of security for their clients’ data. However even those storage providers that claim that clients’ data is always encrypted may be susceptible to a design flaw that enables service provider employees to gain illicit access to that data, according to researchers at Johns Hopkins University.

A technical paper published this month, by university researchers, analyzed the data security implemented by several cloud storage providers. These storage providers promise that their “zero-knowledge environments” prevent employees from accessing clients’ confidential data. They found, however, that whenever a client shares data with another user, encryption keys are generated, and those keys are fully under the control of the service provider. Theoretically, a service provider employee could intercept the keys and perpetrate a man-in-the-middle attack against the client, gaining access to the client’s data without the client’s knowledge.

This security vulnerability is simply yet another potential security shortcoming inherent in public-cloud storage services, some of whom have already been susceptible to service outages and security leaks.

So how can businesses avoid potential security risks? Organizations can consider deploying private-cloud storage solutions to manage their content. In private cloud solutions, an organization keeps full control over its own encryption keys, eliminating the possibility of man-in-the-middle attacks by outsiders.

For those that choose to use cloud solutions, there are certifications that detail which solutions are actually secure enough for enterprises to use. One example is the Skyhigh CloudTrust™ rating, which details the select cloud services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. Accellion just received the highest rating of Enterprise-Ready for kiteworks, our mobile collaboration and file sharing solution, putting our security protocols and functionality in the top 10 percent of all cloud providers. Learn more about the rating here.

See All Blog Posts >>