Your data is out there, somewhere – all of your data. Encryption can protect files on your laptop or PC. Storing them on a remote server – such as DropBox – is another option. And … well, that’s about it.
So I read with interest a recent article in New Scientist that pointed towards a so-called “third option” for data security.
Dubbed “Cloud Shredder”, this new system is scheduled for launch – at least for Adobe Acrobat and Open Office – this month.
It has been developed, we’re told, by Nan Zhang, a researcher at the Chinese Academy of Sciences, and colleagues.
How will it work?
The Shredder reportedly splits files into two pieces when they’re placed in a Dropbox-style folder. One half remains on your local hard drive, while the other is sent to the cloud.
If your laptop is stolen, you simply delete the cloud part of your data and the thief is left with a hard drive full of junk.
Conceptually, this seems a great way to encourage people to feel more comfortable about storing their confidential files using cloud computing.
People can, and do, store their files using cloud computing at the moment, of course, but there are a number of privacy considerations – not least the question of who else can access your information.
The Shredder system means you will need to bring together the two parts of the file to be able to open and read it. Someone on the internet may be able to see the other part of your file, but they can’t open or read it as they do not have access to the all-important second part, which is on your PC.
Think of it like tearing up a dollar bill and giving another person the other half – the bill’s only of value when the halves meet up again.
The idea of having two parts (or “keys”) to allow access to any of the files that are stored in the cloud is not new.
This is core to the design of the internet, in that secure data is encrypted with a number of “keys” that only allow the sender and recipient to access the data. Anyone intercepting the data cannot read it as it’s coded, and it is therefore secure from prying eyes.
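The article does not say how Cloud Shredder decides which bits go where, so the following is an added illustration, not the product's code: it contrasts a plain cut-in-half split with a 2-of-2 XOR split, and checks what someone holding only one piece can read. All function names and the sample document are constructed for this example.

```python
import secrets
from typing import Tuple

# Constructed sample document (not real data).
SAMPLE = b"Account 0042: balance 1,250.00 AUD; PIN reset code 7731\n"

def naive_split(data: bytes) -> Tuple[bytes, bytes]:
    """Cut the file in the middle: each piece is still readable plaintext."""
    mid = len(data) // 2
    return data[:mid], data[mid:]

def naive_join(local: bytes, cloud: bytes) -> bytes:
    return local + cloud

def xor_split(data: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 XOR sharing: the cloud piece is a fresh random pad,
    the local piece is data XOR pad. Either piece alone is random noise."""
    pad = secrets.token_bytes(len(data))
    local = bytes(d ^ p for d, p in zip(data, pad))
    return local, pad

def xor_join(local: bytes, cloud: bytes) -> bytes:
    """Recombine both pieces; fails loudly if a piece is truncated."""
    if len(local) != len(cloud):
        raise ValueError("pieces must be the same length")
    return bytes(a ^ b for a, b in zip(local, cloud))

def leaks_plaintext(piece: bytes, data: bytes, window: int = 8) -> bool:
    """True if any `window`-byte run of the original appears verbatim in the piece."""
    return any(data[i:i + window] in piece
               for i in range(len(data) - window + 1))

if __name__ == "__main__":
    n_local, n_cloud = naive_split(SAMPLE)
    x_local, x_cloud = xor_split(SAMPLE)
    print("naive local piece readable:", leaks_plaintext(n_local, SAMPLE))
    print("xor local piece readable:  ", leaks_plaintext(x_local, SAMPLE))
    print("xor pieces recombine:      ", xor_join(x_local, x_cloud) == SAMPLE)
```

With the XOR split, deleting the cloud piece leaves the local piece unrecoverable, but each piece is as large as the whole file, and the scheme gives no integrity check on the recombined result.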
Drawbacks
Sharing and storing a range of file fragments would be fine if you were to use the same PC or laptop to access your files in the cloud. The obvious logistical challenge comes the minute you want to use another PC to access your cloud files, given that PC will not have the part needed to make the file complete.
There are a number of other considerations to the approach of having parts of your file on your PC and the other parts on the internet:
1) Performance overhead. With one half of your file in the cloud and the other on your PC, each time you update your file and save it, it has to write parts of the file to the internet and the other part to your PC.
The Shredder introduces another layer of software that has to manage the processes of deciding which bits (literally) go where (i.e. to your PC or the cloud).
That would increase the processing time needed for working with the file, and slow things down marginally.
2) Backup and recovery. Files such as PDF, Excel spreadsheets, Word documents and so on can be stored anywhere (a memory stick, your PC, the cloud) as distinct objects, as they are fully encapsulated and complete.
That also means that you have full control over the back-up and restoration of the file in its entirety. If your files were split in half by the Cloud Shredder, how would this be possible?
3) Internet bandwidth and latency. If you are using a file on your local PC, it all runs as fast as your PC, and you are not dependent on how fast your internet connection is.
By having half of your file constantly on the internet, you are at the mercy of the speed of your internet connection. For large files, this may be a problem.
Imagine working on a large spreadsheet – each time you moved from one end of the file to the other, you could be watching the hourglass way more than you’d like to.
4) Emailing files to others. Presumably this would be a problem? The file joining methods would need to be capable of transferring the local PC copy to others via email.
5) Wherever there is a code, security system, key or other encryption method, it will attract keen hackers. The encryption algorithms would need to be fairly robust.
6) Cloud vendor “lock-in”. Presumably your cloud provider would be providing the Shredder capability. If you wish to put your files into another cloud provider’s system, how would this transfer be done without breaching the security?
The Cloud Shredder concept is a good one. The real challenge will be to overcome the range of practical considerations, and to convince everyone it’s robust enough to provide the rigorous security expected by businesses, governments and consumers alike.
Comments (3)
Dave Slutzkin
General Manager
I'm not sure I understand - doesn't this idea combine the worst of local storage with the worst of cloud storage?
- cloud storage promises that you can access your data from anywhere; but with Cloud Shredder you can only access it from a single local machine
- cloud storage promises that you'll always have a backup copy of your data; but with Cloud Shredder, losing your local copy means you lose the whole thing
- local storage is fast and cheap; but Cloud Shredder is much slower and more expensive
The only nominal advantage of Cloud Shredder is security, so it should be seen as enhanced security for local documents. However:
- local document encryption promises that an attacker can't read any of the file unless they have the key; but with Cloud Shredder they're likely to be able to reclaim some information from it as they have half of it unencrypted
It's not as fast as local storage, not as useful as cloud storage and not as secure as encryption. What's good about this, again?
Rob Livingstone
(Fellow of the Faculty of Engineering and Information Technology at University of Technology, Sydney)
Thanks for your comments ....
You're correct in your comments, and in principle, it's an idea that may have *some* merit as a concept; however, the practicalities of implementing an effective solution that meets rigorous enterprise governance requirements for specific files make for a challenge in its widespread adoption. Also, the idea of having to purchase products on top of other products to fix a fundamental problem also adds to the complexities of multi-vendor solutions, where the systemic complexity rises exponentially with the number of players in the stack. All valid points. This 'solution' is symptomatic of the emerging nature of the use of cloud technologies, where the 'cracks' in the house of governance, security and risk all have to be papered over with a range of 3rd party 'apps' or solutions.
David Glance
(Director, Centre for Software Practice at University of Western Australia)
It has a catchy name? Actually, even the name is misleading - and a little off-putting - give us your documents - we will shred them for you?
There is an issue around awareness of DropBox's lack of encryption and their ability to look into your files and potentially hand them over when asked. There are also DropBox's publicised slip-ups where people have inadvertently got access to other accounts - so I tend to use TrueCrypt for anything that is sensitive that I want to store on "the cloud".