22 . 08 . 2022
Cloud data encryption - what to know before choosing a provider?
Technically and practically speaking, all popular cloud-based tools are securely encrypted. In practice, this means we do not have to worry about data encryption as long as we do not need to prove its security to regulators, customers, business partners or a bank. So in every “typical” situation, we can take our suppliers’ word for it. This does not mean, however, that the subject of encryption is not worth exploring.
The security standards offered today by cloud services – disks, tools for collaboration on documents, graphics editors, video games, etc., especially those that require us to log in and offer a paid subscription – are high and constantly monitored. Specialists take care of this for us.
In practice, a “typical” user has nothing to worry about. Long gone are the days when an application (back then called a program) was trusted only when it could be installed locally on a computer and used “normally”, that is, offline. The spread of high-speed internet contributed significantly to this change of mindset. Awareness of cyber threats also rose in the meantime, and the norms have been tightened to protect the great masses of users. Data encryption in the cloud with a 256-bit algorithm, the “weakest” of those that a brute-force attack cannot break, no longer surprises anyone today. Rather, it is its absence that may arouse users’ interest.
However, the Internet has become so indispensable that leaving the fundamental principles of its functioning to specialists and focusing solely on usage is like reading the printed press without being aware of Gutenberg’s achievements. It is therefore worth acquiring basic knowledge about the technical side of the internet, even if we do not intend to build the modern digital tools of mass communication ourselves.
Cloud data encryption - locally or externally?
Let’s start with a definition. Cloud data encryption is designed to ensure that the information we send and receive cannot be read, modified or deleted in an unauthorized way. In the simplest model of its inner workings, the original portion of data we want to protect is first encrypted with a suitably strong cryptographic algorithm (the engine) and a unique encryption key, then sent to an authorized recipient, who decrypts it with the unique decryption key in their possession, thus reverting the data to its original, legible form.
Usually, the user does not even know that such keys exist. Typically, all we need to do while using commercial cloud-based tools that utilize encryption is log into the system as an authorized user, and the encryption of files and communication starts automatically. The encryption/decryption process may differ depending on whether we use a locally installed client, e.g. a browser extension or an application, or work directly in the cloud (no plugin).
In the first case, the login data, for example the password, may or may not be stored locally (and its use may then be two-factor-authenticated, e.g. by SMS). After the user logs in, the local application either establishes an encrypted connection with the server or encrypts the data locally, then sends portions of such encoded data to the server, which delivers them to the recipient, who, in turn, can decode the information locally.
In the second case, all encryption and decryption takes place on the provider’s server. Users only operate at the level of the protected interface, which is not available offline.
Both solutions obviously have their strengths and weaknesses. The advantage of plugin-less solutions is that the user is completely relieved of taking care of system security, apart from the password and access to the device – and these, after all, can be taken over more easily than the supplier’s constantly monitored server. The advantage of local applications is that the user has exclusive possession of the encryption keys. In theory, keys should not be stored on the same instance as the data, i.e. in the provider’s cloud. It may therefore be safer to store the keys on your own device (especially in the case of financial applications); unfortunately, dishonest administrators and cybercriminals may be at play.
But why are these and other encryption methods so important, despite their advantages and disadvantages? Simply because they are effective. Data encryption in the cloud with the use of proven protocols (IPsec, TLS and others) is a widely recognized practice, and regulators require it to be applied, e.g., by regulated entities and wherever data disclosure may have a negative impact on economic and national security. The requirement for encryption follows from the recommendations of the Polish Financial Supervision Authority, GDPR and other regulations.
What encryption actually gives us: in defense of integrity
Let’s start with a little spoiler. In one episode of AMC’s hit television series “Better Call Saul”, the title character, Saul Goodman – a lawyer with a dubious reputation and a rather “flexible” approach to the rule of law – tries to discredit his older brother, a successful lawyer who, for ethical reasons, stands in the way of Saul’s professional (and social) breakthroughs. Saul executes a plan to steal paper (sic!) documents collected in the case conducted by his brother, and then doctors them meticulously using a scalpel: he changes the order of the digits in the date on the main application, makes high-quality photocopies to hide the cut marks, and then puts the fakes in place of the originals. The operation results in the court’s formal rejection of the case – and a loss for the client. The conman gets away with it, and the “slip-up” casts a shadow over his brother’s career. Saul has successfully interfered with data integrity.
This television example perfectly illustrates the importance of data integrity, which, next to confidentiality and availability, is part of the so-called CIA triad (confidentiality, integrity, availability). Saul’s story is completely unbelievable under present conditions (the plot takes place in the early 2000s), but today it is easy to imagine a situation where a patient’s medical data is written electronically and placed in a cloud with no encryption. A skilled attacker is able to get into such a cloud, modify a key fragment of the documentation – for example, change the diagnosis – and then leave the server almost without a trace. Taking care of integrity, i.e. ensuring that data stored in a file or transmitted online will not be modified in any way by unauthorized persons, is therefore one of the main functions of encryption.
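The following Python script is an added example, not FORDATA’s code, that puts the two points above together: the model from the previous section, in which the key stays on the user’s side and the provider stores only ciphertext, and the integrity property discussed here, where a record changed on the server is rejected on decryption instead of being accepted with a modified diagnosis. Python’s standard library does not ship AES, so the script assumes a counter-mode keystream generated with HMAC-SHA256 as a stand-in for the AES-256 mode a real deployment would use; the patient record, key, record id and the position of the modified byte are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length


def derive_keys(master_key: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one 256-bit master key,
    so a single key is never used for two purposes (labels are constructed)."""
    enc_key = hmac.new(master_key, b"example/enc", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"example/mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(enc_key, nonce || counter) per block.
    Stand-in for AES in CTR mode, which the standard library lacks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt_record(master_key: bytes, plaintext: bytes, context: bytes = b"") -> bytes:
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag. 'context' (e.g. the
    record id) is authenticated but not encrypted, so a record cannot be moved
    into another patient's slot without failing the check."""
    enc_key, mac_key = derive_keys(master_key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, context + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_record(master_key: bytes, blob: bytes, context: bytes = b"") -> bytes:
    """Verify the tag first, then decrypt. Raises ValueError on any change to
    the nonce, ciphertext, tag or context, or when the key is wrong."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("integrity check failed: record too short")
    enc_key, mac_key = derive_keys(master_key)
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, context + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: record modified or key/context wrong")
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def decrypt_without_integrity(master_key: bytes, blob: bytes) -> bytes:
    """What confidentiality-only encryption does: it decrypts whatever is stored,
    so a modified ciphertext quietly yields a modified plaintext."""
    enc_key, _ = derive_keys(master_key)
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    ks = keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def modification_is_detected(master_key: bytes, blob: bytes, context: bytes, position: int) -> bool:
    """Simulate an unauthorized change to one stored byte and report whether
    authenticated decryption rejects the record."""
    damaged = bytearray(blob)
    damaged[position] ^= 0x01
    try:
        decrypt_record(master_key, bytes(damaged), context)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample: the key stays with the client; the provider stores only 'stored'.
    client_key = secrets.token_bytes(32)  # 256-bit key held on the user's device
    record_id = b"patient-0001"
    stored = encrypt_record(client_key, b"Diagnosis: benign, no follow-up", record_id)
    print(decrypt_record(client_key, stored, record_id))
    # One byte inside the ciphertext is changed on the server side.
    print("detected:", modification_is_detected(client_key, stored, record_id, NONCE_LEN))
    damaged = bytearray(stored)
    damaged[NONCE_LEN] ^= 0x01
    print("unchecked decrypt returns:", decrypt_without_integrity(client_key, bytes(damaged)))
```

The point of `decrypt_without_integrity` is the one the Saul story makes: a cipher on its own keeps the record confidential, but only the authentication tag tells the reader that the bytes are still the ones that were written. Authenticated modes such as AES-GCM bundle the tag into the ciphertext, which is why they are the usual choice for data at rest.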
Encryption in transit and at rest - what is the difference?
What happens to your data when it’s encrypted can be described by two basic processes. Cloud encryption at rest applies to files stored on the server or client that are not currently being transmitted over the network or between the client and the server. Encryption in transit, in turn, concerns the moment of communication or data transmission over the network or between the client and the server.
Depending on the cloud operation model, data at rest can be stored in a dedicated, encrypted virtual disk space, on a local disk, or as so-called objects. In the latter case, the protection usually covers a wider range of components, e.g. the API (the component of the platform that allows for its online use), the network connection, a cloud instance or the provider’s physical disk itself. In this case, in theory at least, the risk of attack is greater. Data protection, however, is a struggle for compromises, and there are no ideal solutions here, only practical and… proven ones.
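For the in-transit side, the setting that matters most on the client is whether it actually verifies who it is talking to. As an added example (not FORDATA’s code), the Python snippet below builds a TLS client context the way a browser or a well-written client would, next to the weakened variant that still encrypts but no longer checks the server certificate, and a small review function that lists what is wrong with a given context. Only the `ssl` module from the standard library is used; the function names are the example’s own.

```python
import ssl


def hardened_client_context() -> ssl.SSLContext:
    """Client context for encryption in transit: a server certificate is required,
    the hostname is checked against it, and nothing older than TLS 1.2 is negotiated."""
    ctx = ssl.create_default_context()  # sets CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The variant seen in quick fixes: verification switched off. The connection is
    still encrypted, but the client no longer knows whose server it encrypts to."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def transit_findings(ctx: ssl.SSLContext) -> list[str]:
    """Review checklist for a client context; an empty list means acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum TLS version too low ({ctx.minimum_version.name})")
    return findings


if __name__ == "__main__":
    print("hardened:", transit_findings(hardened_client_context()) or "no findings")
    print("weak:", transit_findings(weak_client_context()))
```

The contexts are only constructed here, not connected anywhere, so the check runs offline; in a real client the hardened context is what you pass to the HTTP library or socket wrapper, and the review function is the kind of assertion worth keeping in a test suite so that a “temporary” `CERT_NONE` does not ship.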
SaaS model - how encryption works in FORDATA Virtual Data Room
Let’s move on to the method of data encryption used in the FORDATA cloud. Our VDR operates in the SaaS model (software-as-a-service). This means that encryption, its effectiveness, updates and guarantee of operation are entirely our responsibility as the service provider. The customer is relieved of the obligation to guarantee the efficiency of these components when, for example, uploading protected data (e.g. under GDPR) to the VDR, or in the case of supervised entities. You can read more about how we secure files in the cloud in the article “Cloud data storage and file security”.
Let’s list the most important features of data encryption in FORDATA:
- The connection between the FORDATA Virtual Data Room system server and the user’s browser is encrypted with a 256-bit encryption algorithm, the most advanced encryption algorithm available on the market.
- We have an EV SSL certificate confirming the highest standard of identity authentication on the Internet.
- The EV SSL certificate was issued for FORDATA by DigiCert.
- In addition to data encryption, the certificate also authenticates FORDATA as the provider of the website under which the VDR is available.
- The certificate is updated each time before its expiry date. There is an internal instruction on how to renew the certificate (individual steps, which are standard in the case of updating this type of certificate).
- We sign the code of our application with an Authenticode certificate, guaranteeing its originality and integrity.
- Data kept on disks at rest is encrypted with the 256-bit symmetric AES encryption algorithm.
Practically speaking, this means that the data stored on FORDATA servers (on a physically separate disk partition, not used by other customers of the server room) is as safe as funds held in an electronic bank account. Suffice it to say that our services are used by international financial institutions.
Responsibility for data encryption in the cloud lies entirely with us. Thanks to this, you can be sure that your work will always comply with the current EU regulatory requirements in the field of data protection.