Today we are announcing the first in a series of Cloud Storage Challenges. This first challenge centers on one of the main concerns people have with sending their data to the cloud: security. Businesses that would benefit significantly from using cloud storage are holding back due to fears of data leakage.
There is some validity to these concerns. The cloud is a multi-tenant environment. Resources are shared and the cloud itself is an outside party, so there’s a risk that your data could be vulnerable to an accident or a malicious hacker attack. At Nasuni, we designed our system with these and other potential concerns in mind. The Filer protects customer data with OpenPGP encryption. Since all data is encrypted on your premises, it is completely opaque the moment it leaves your office.
To demonstrate just how confident we are in this system, and OpenPGP in particular, we are going to make public an Amazon S3 bucket for one of our Filers. Anyone can access the encrypted data inside, and one of those files, the Prize File, has top secret contents. If someone reveals the contents within 30 days, they win $5,000.
We are issuing this challenge because we are confident that no one will succeed. In fact, we know no one will succeed – security experts will realize that this “challenge” is really more of a demonstration. This is a stunt to bring attention to the strength in modern encryption and our use of it. In reality, encryption is the least likely place to fail in a secure system. The smart attacker will know to avoid the crypto and to look for weaknesses elsewhere (frequently in people and IT processes).
We are not trying to demonstrate that the cloud is more secure than having the data stored in your office. If someone breaks into your office, all bets are off. What we have done is make the cloud as secure as your office.
Effectively, the Nasuni Filer extends the security perimeter of your office to cover your data in the cloud.
When used properly, OpenPGP is effectively unbreakable. What we want to show here is that our design of encrypting at the edge, on the customer’s premises, and never allowing a single byte of customer data to enter the cloud unencrypted really capitalizes on the strengths of modern encryption. We’re not looking to show that OpenPGP works. More than anything, we want to show that we’re using modern encryption properly.
Once those 30 days have elapsed, and no one reveals the file’s secret contents, we will donate the $5,000 prize to the Free Software Foundation. This is our way of thanking them for the GNU project and specifically GnuPG, a FreeSoftware implementation of the OpenPGP standard. We think the minds behind the Gnu project are the real heroes, inspiring brilliant technical thinkers like the team at g10 Code. The free software movement in general does not get enough credit today – we think its intellectual pioneer, Richard Stallman, is going to be remembered long after today’s tech heroes have been forgotten.
Getting back to our security challenge, though, we should add that we hope to educate potential users. To learn more about cloud storage security download our new white paper Understanding Security in Cloud Storage. We want to address their fears and demonstrate that we have thought about their concerns. To that end, this is just the first of Nasuni’s Cloud Storage Challenges. Stay tuned for more and email us at feedback@nasuni.com if you have any questions.