Your IT Consultant

Secure Cloud Storage with Zero Knowledge

March 22, 2016

Protecting your data is very important these days. The battle between Apple and the FBI is another recent example of efforts to protect user's privacy. The majority of cloud storage providers encrypt the data in transit and in storage as an attempt to protect data access. The problem is that the cloud provider has control of the key to decrypt the data. That means they can decode your encrypted data and turn it over to the government or law enforcement personnel. In order to stop unauthorized access, the user needs to control the encryption key. This is a concept called zero knowledge. In other words, the cloud provider has zero knowledge of the encryption key. SpiderOak is a cloud storage service that has zero knowledge.

While SpiderOak is a secure storage environment, it is NOT a replacement for other services such as Dropbox. Last week at ABA TECHSHOW, I heard the exact opposite. SpiderOak is a zero knowledge service as long as you don't want to share access to any of your data. Specifically, if you want to share access to files via the ShareRoom feature, you no longer have total control over the data. In fact, SpiderOak cautions that ShareRooms violate Zero Knowledge. I use SpiderOak myself and think it is a wonderful secure service, but beware of the ShareRoom feature. In defense of my colleagues, the insecurity of the ShareRoom feature is not well known – hopefully, they are reading this post and will adjust their lectures accordingly.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com