In the field of technology, there’s a principle known as Moore’s Law. This principle states that “every 2 years, the power of technology will double.” The law has become so prevalent that it’s been used by many technology firms to guide their development in all areas, from hardware, to software, and even security.
In the security field, the law is regarded a bit differently. Within the world of data security, it acts as a deadline. Every 2 years, as the power of new technology doubles, so do the risks of a data breach, unless security is prepared to match this new technology. Even only a few years ago, the consequences of a data breach upon a normal person were usually limited to just their credit card information, or their social security number, at absolute worst. However, this is no longer the case.
As technology itself develops, it becomes more and more ingrained in our everyday lives. Nowhere is this more apparent in a new field of technology known as “Cloud Storage,” in which all data would be stored in a server, accessible by any who had the software capable of accessing the storage server, or the “Cloud.”
Five years ago, Cloud Storage was regarded as a new and strange system, with many questions and doubts being raised by technology experts of its convenience, or efficiency. On technology based sites such as Computerworld or PCworld, articles were penned both praising and damning Cloud Storage on issues of usefulness and safety, with each site generating whole subsections of their site dedicated to the Cloud.
Now, Cloud Storage is an established fact. Many companies offer Cloud-based services, such as iCloud, with companies whose sole product is Cloud Storage becoming more and more prevalent, such as Dropbox, Justcloud, or Livedrive.
The Cloud’s introduction into public use has not been without consequence, however. Studies done by IBM, International Business Machines, have shown that data breaches have become common, with almost 300% more data breaches in 2011 and 2012 alone, than throughout the rest of recorded computing history. Even the current time is not without its examples, with nude photos of celebrities being “leaked,” all obtained through a breach of iCloud security.
These breaches have raised an important question; is the Cloud really safe? Most technology experts will explain that nothing is truly safe, and that safety and care of data falls upon its owner. Many are inclined to agree, but this doesn’t truly answer the question.
Security of data within the Cloud depends upon which company is hosting the data, but it all comes down to the “Encryption key.” Encryption essentially converts data into gibberish, with only a computer with the same key being able to decipher it. Encryption keys come in levels of “Bits.”
For example, the absolute lowest standard agreed upon within the security industry for bit count in encryption is 128 bits. The combinations of possible ciphers out of this is 2^128 combinations, or approximately 340 undecillion. This seems to be large, but in reality, with new technology, 128 bits can be brute forced, or rather, the computer can simply check every single combination until the correct one is found.
In his piece written for Computerworld on safety measures within Cloud Storage, expert Lamont Wood estimates that it would take 6 months for a quantum computer to crack a 128 bit key, and that’s without any previous knowledge of the cipher. With any knowledge, it becomes easier and easier, and faster and faster.
However, many Cloud providers offer stronger encryption. With the total available combinations per cipher being represented by 2^X, upgrades become safer and safer at an exponential rate. Some Cloud services offer 256 bits(about a vigintillion combinations) of protection or even 448 bits(around 1 x 10^134 combinations). Despite this, data breaches still occur frequently.
The continuing data breaches, despite even stronger security than ever before, come from the one fatal security flaw of Cloud computing. In order to actually maintain and properly manage the data they hold, Cloud providers not only hold the cipher necessary for their data, but also the more simple information, such as usernames or passwords, which can be stolen on sight, or used in white-collar crime.
This security fault is a necessary one, to create higher security in all other cases. Due to the necessity of this flaw, any Cloud service will always maintain a risk of being compromised.
Despite this, Cloud computing still remains as a useful and accessible storage option, but one that perhaps, we shouldn’t place all our data within. Once too much is stored within the same place, the consequences of a single data breach will grow and grow.
To protect not only one’s own data, but the data of all the users, the safety of data in the Cloud falls on the burden of the consumer, with safe decisions and caution being key, no matter how much security is introduced. Too much stored can be too much stolen.