Most standard encryption solutions available today, are strong enough to resist attempts to pry open the secrets they protect. The only person who has a reasonable chance of decrypting the data is the person who holds the encryption key – or the organization that generated the key. This unfortunately opens the door to a lot more people being able to decrypt the information: for example when a government agency obliges an online storage provider to provide access to the files it holds on its customers’ behalf. But does that mean that bypassing the online provider’s offer of encryption is a better solution?
When You Want to Share
If the cloud storage company protects your data for you and keeps the key safe, your login and password information should then allow your files to be decrypted for you to see them at that time. This functionality may be important if you want to share your information with other designated individuals. With your authorization, they too will be able to login and see your data. Note however that this encryption is not the same as the encryption applied when the files are uploaded or downloaded between your PC and the online storage provider. That encryption ends when the transfer ends. You need to ask or check that the provider then also applies encryption to your stored data, not just your data in transmission.
Do It Yourself, Lose It Yourself?
If you’d rather not have anybody accessing your key but you, you can also encrypt your files yourself locally. A number of encryption solutions exist that you can apply before you upload data to the cloud. While sharing your data is still possible, it’s not as easy as sharing a login and password. And if you don’t share with anyone and you then forget or lose your key, you’ll never be able to decrypt your data again. In this sense, the higher security solution also has a higher risk of malfunctioning.
Large Volumes of Data and Deduplication
If you upload very large amounts of data, for example as a business user, you may want to explore ways of compressing the data to save on storage space and online charges. But will this still allow you to encrypt your data as you want? The difficulty lies in the way that large scale deduplication of data is done. To reduce the storage space required, the deduplication technique involves looking for identical chunks of data. All these chunks except for the first one are then removed, leaving only pointers or references to the others. When decompression is done, the identical chunks are copied back into the places indicated by the pointers. But encrypting before deduplication is done means that these identical chunks of data no longer exist. If you are relying on your cloud provider to ‘dedupe’ your data, it may make more sense to have your encryption done in the cloud rather than locally on your own computer.
Encryption uses a variety of acronyms, so here are a few definitions to help you pick out the right solution for you. One of the most common standards, AES (Advanced Encryption Standard, for example of the 256 bits variety) refers to encryption with just one key that can be used to both encrypt and decrypt data. RSA (from inventors Rivest, Shamir and Adleman, 2048 bit) relies on two different keys for encryption and decryption. On the other hand, SSL (Secure Sockets Layer, 128 bits) is the encryption method used for transmitting files (not for storing them), and SHA (Secure Hash Algorithm) to compare two files to see if their contents are identical.