Friday, May 6, 2011

Securing DropBox - Is there such a thing as one-size-fits-all?

The other day I commented that we need to make DropBox safe for the enterprise. I mean there have got to be millions of users who put work stuff in DropBox so as an industry we need to make sure all that data is safe, right? Sure. Of course. But how?

Ah, that’s where it gets tricky. As any security professional will tell you, electronic privacy is hard to do well. It requires a host of technologies like encryption, key management, identity management and authentication. More fundamentally, it requires that the provider and the customer agree on something called a threat model or risk profile.

What this means in the case of DropBox and other storage providers is that users really should answer several questions:

1. Who owns the data I’m putting in DropBox? – This is the person or organization ultimately responsible for protecting the data, and the party that lawsuits, subpoenas and other unpleasant realities will affect if the data is inappropriately disclosed.

2. Who should be able to view the data I’m putting in DropBox? – Is the data owner okay with data going into DropBox being public or should it be kept private?

3. What consequences would result from public disclosure of this data? – Who could be hurt?

4. Is it possible that anyone would want to use this data for illegal or malicious purposes? – What might the impact of that be?

5. Would someone be able to tamper with this data without my knowledge? – How can I continue to trust the data?

These and other questions turn what started out as something simple to help users get their job done into a very serious consideration for most enterprises. When you stop to think about these questions, you reach one conclusion: users should treat most providers like DropBox as publicly visible file shares. In other words, only put files in DropBox if you are okay with those files being publicly available at some point – because they just might become public someday.

But wait! There’s another side to this. Some vendors provide encryption to give user data privacy. That security may be built into the service or it may come as a third-party add-on. They say it’s military grade, AES-256 encryption. That’s the best encryption available, right? Right. So that takes care of it, right? WRONG!

Cryptosystems are difficult to implement properly. So we are now back to the tricky part I mentioned earlier: we have to understand and agree on who we trust and what we want to prevent. Here are a few points to think about in assessing your risk posture with respect to services like DropBox (I’ll generalize a bit and call them cloud providers to avoid beating up poor DropBox unnecessarily since most of their competitors have the same issue):

1. Is it okay for the cloud provider to store your encryption keys? – this certainly makes it easier for you but what new risks does it expose you to?

2. Even if they don’t store the encryption keys, is it okay for the key to be open and used for encryption within the service? – In other words, will you allow the provider to use your open key to encrypt and decrypt data, even if they have to get the key from you? Why is that an issue? Because if they have your open encryption key, it’s possible that they or some malicious code could access your data.

3. How does the encryption key get opened? – Does it open automatically or only after a user credential is supplied? Opening it automatically is more transparent, but prompting for a user password can be disruptive to your users. Where do you draw the line?

4. Is access to the data audited? – How do you know who is accessing or attempting to access your data?

5. Can you prove that the data is encrypted? – This is the fundamental question for auditors and a requirement if you want to show those pesky folks that as an enterprise you are taking the right steps to protect your data – even in the cloud.
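To make questions 2 and 5 concrete, here is an added illustration of my own (not code from DropBox or from any vendor's add-on) of the trust model where the key is never opened inside the service: the file is encrypted on the client with AES-256-GCM from the Go standard library, the provider receives only the sealed blob, and the file name is bound as associated data so a blob cannot be quietly swapped into another file's slot. The provider's storage is simulated by a byte slice; key generation, the `Seal`/`Open` names and the sample spreadsheet contents are all my assumptions for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// keySize is 32 bytes: the "AES-256" the vendors advertise.
const keySize = 32

// NewLocalKey creates a key on the client. In this trust model the key
// stays with the data owner; the cloud provider only ever sees ciphertext.
func NewLocalKey() ([]byte, error) {
	key := make([]byte, keySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts plaintext with AES-256-GCM before upload. The blob layout is
// nonce || ciphertext || tag. fileName is authenticated as associated data,
// so the blob is tied to the name it was uploaded under.
func Seal(key, plaintext []byte, fileName string) ([]byte, error) {
	if len(key) != keySize {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(fileName)), nil
}

// Open decrypts a blob downloaded from the provider. Any change to the
// ciphertext, the tag or the file name makes GCM reject it (question 5 of
// the first list: tampering does not go unnoticed).
func Open(key, blob []byte, fileName string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, []byte(fileName))
}

// ContainsPlaintext is the auditor's basic check: does what the provider
// stores reveal the content as-is?
func ContainsPlaintext(stored, plaintext []byte) bool {
	return bytes.Contains(stored, plaintext)
}

// Tamper simulates a one-bit modification inside the provider's storage.
func Tamper(blob []byte) []byte {
	out := append([]byte(nil), blob...)
	out[len(out)-1] ^= 0x01
	return out
}

func main() {
	key, _ := NewLocalKey()
	// Constructed sample content for the demonstration.
	plain := []byte("Q3 forecast: revenue 4.2M")
	providerStorage, _ := Seal(key, plain, "forecast.xlsx")
	fmt.Println("provider can read content:", ContainsPlaintext(providerStorage, plain))
	if _, err := Open(key, Tamper(providerStorage), "forecast.xlsx"); err != nil {
		fmt.Println("tampering detected:", err)
	}
	got, _ := Open(key, providerStorage, "forecast.xlsx")
	fmt.Println("owner recovers:", string(got))
}
```

The contrast with question 2 is where `key` lives: here `Seal` and `Open` run on the client, so the provider's code path never holds an opened key. A design in which the service calls `Open` on the customer's behalf has exactly the same AES-256 on the label, but a compromise of the service (or malicious code running inside it) reaches the plaintext.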

The questions could go on and on, but you get the point. Not every user or enterprise has the same answers to all of these questions. There’s no one-size-fits-all cloud security. Instead we need to start talking about Trust Models to better frame the conversation about what’s okay and what’s not okay in the cloud.
