Data encryption like a safe with a lock. Imagine if you had a big strong lock on the front door of your house. And inside, to protect your valuables, you had a big strong safe with all the latest security features.
You’d probably feel pretty secure. You’d sleep well at night.
Now imagine if the key to your front door and the key to your safe were one and the same key. Now, all of a sudden, that protection doesn’t seem nearly so secure.
Yet that is precisely the way most cloud encryption systems protect your data.
In the above example, the application password is the key to your front door and your big strong safe. The same password that you use to access your application is the decryption key that you use to to decrypt your message.
Sadly, many data encryption companies are using your application password as the key to encrypting your data! But passwords are ridiculously easy for hackers to crack or to get a hold of through all sorts of simple techniques. And once they have your password, they have your data.
The single most important question that you need to ask any Encryption vendor is:
“Where is the encryption key? How I can distribute and manage the key between to my authorized parties?”
Validate your data encryption solution
To validate your encryption solution, and to show how easy it is for a hacker to successfully access your encrypted data, I’m suggesting this simple test. Go to any computer, on your internal network or on the Internet, and log on to your account and access one or more of your supposedly encrypted data files.
If you can read your data in clear text, your data is not secure, your data encryption vendor is just providing you with a false feeling of security. If you can read it, then anyone who can get into your account can get a hold of your data.
Your data needs to be independently encrypted, so if someone gets a hold of your password and accesses your documents, all they get is a load of meaningless junk.
A hacker is like a burglar, if he wants to get into your house, he will find a way. But by securing the data itself, rather than trying to control access, you are saying to the hacker/burglar: “come on in, look around, take what you want, but good luck to you because there’s nothing in here worth stealing.”
This conversion of valuable, confidential data into something that looks, to the unauthorized, like nothing more than a load of garbled gibberish, is precisely the approach CloudMask takes to data security protection. It’s an approach that recently netted the firm a Common Criteria certification, the globally recognised standard in online data protection.
With CloudMask, only your authorized parties can decrypt and see your data. Not hackers with your valid password, Not Cloud Providers, Not Government Agencies, and Not even CloudMask can see your protected data. Twenty-six government cybersecurity agencies around the world back these claims.
Watch our video and demo at www.vimeo.com/cloudmaskShare this article: