On June 22, 2010 we launched a security challenge as a way of both educating businesses about security and showing that with the right system, data at rest in the cloud can be secure. The challenge lasted for 30 days during which no one cracked the Nasuni Filer and revealed the contents of the encrypted prize file. At the end of 30 days, we donated the price money to the Free Software Foundation. You can read more about Nasuni's security challenge below.
The Data Leakage Fear
Many businesses that would benefit significantly from using cloud storage are holding back out of fear of data leakage. The cloud is a multi-tenant environment, where resources are shared. It is also an outside party, with the potential to access a customer’s data. Sharing storage hardware and placing data in the hands of a vendor seem, intuitively, to be risky. Whether accidental, or due to a malicious hacker attack, data leakage would be a major security violation. Why not be worried?
OpenPGP Encryption
We at Nasuni designed our system with these concerns top of mind. The Nasuni Filer protects all your data with OpenPGP encryption. Data is encrypted on your premises, so it is opaque to prying eyes from the moment it leaves your office. To demonstrate OpenPGP’s effectiveness--and to show you how confident we are in our security scheme--we are issuing a challenge to all skeptics: Crack the code and win a prize.
The Challenge
We have made public an Amazon S3 bucket for one of our filers. Anyone can access the encrypted data inside. Among the handful of files in the bucket is the Prize File, the contents of which is top secret. The first person to tell us what’s in the file will win $5,000.
No one will succeed. We are that confident. Modern encryption protects thoroughly against data leakage. The security community already knows that a head-on attack on the encryption layer is futile. We want everyone to know. We welcome your attempts. For more in-depth technical details on the challenge visit the challenge details page.
View the Encrypted File System Image
End of the Security Challenge: Donation to the Free Software Foundation
The challenge officially came to an end on June 21, 2010. We're thrilled – but not-surprised -- to say that no one cracked the Nasuni Filer and revealed the contents of the encrypted prize file. As such, this security challenge successfully demonstrated that modern encryption can protect cloud storage files.
Nasuni is donating the unwon $5,000 to the Free Software Foundation, to thank them for the Gnu project and specifically GnuPG, a Free Software implementation of the OpenPGP standard. They are the real heroes. The GNU project continues to inspire technical excellence among the best and brightest minds, including the team at g10code.
"We thank Nasuni for donating the $5,000 security challenge award to the Free Software Foundation and GNU project, This challenge demonstrated the strength of modern encryption and highlights the importance of free software tools such as GNU Privacy Guard," says Peter Brown, Executive Director of the FSF.
Our goal with the Cloud Storage Challenges was to educate potential users of the cloud by addressing their concerns directly. Security risks will continue to exist but cloud storage does not inherently make your environment any less secure. There is much that needs to be better understood and much that will be debated. This is only the beginning of that conversation. Stay tuned.
Legal Disclaimer
Employees, agents, representatives and affiliates of, and consultants and advisers to, Nasuni are not eligible to participate. The Challenge ends on July 21, 2010. If there is a dispute regarding the rules or outcome of the Challenge, Nasuni has complete discretion to resolve the dispute and any such resolution shall be binding. When participating in this Challenge, no illegal activities are permitted or condoned and any illegal acts or practices will be grounds for automatic disqualification from the Challenge.