Encryption Keys and Security

With Encryption – Why do we leave our keys in our locks?

We don’t leave our keys in our locks (it kind of defeats the purpose). So why do we continue to have the keys to encrypt and decrypt the files are stored together in the cloud?

Because it has been the ‘logical’ way developers looked to solve the problem.   Either the keys were on the client ( the laptop, table, phone, or desktop) or they were on the side where the file were stored (the server).

Having the keys stored on the client side limited the access to only that particular device.  In addition making the data – ‘single device/single user’, it also added the risk of the device failing (or being stolen or compromised) .

Putting them on the server side makes the files available to many devices and users, and dramatically reduces the risk of a machine failure.  However – it becomes much easier to compromise the information, by capturing both the encryption key and the file at the same time.

Just like the lock and key shown above…

We thought about the problem differently.   In “A Cloud Of Our Own” – The keys aren’t on either the client (eliminating the single user/single device issues and compromised device) or the cloud server (eliminating the risk of compromise from a server breach).  They exist on a hardened, secure device (about the size of a cellphone) that you plug directly into your home network.

 

You lock your car and take the keys with you.  We believe a similar approach to your cloud files.   Keep your files safe.

Leave a Reply

Your email address will not be published. Required fields are marked *