By Arief Fatkhurozi 21 July, 2021
More and more companies are considering cloud storage because the introduction cost is lower and it is easier to use in terms of data sharing, etc. than maintaining and managing the server in-house. But the biggest concern is still security. If you can't solve this problem, you won't be able to start the introduction with confidence.
More and more companies are considering cloud storage because of its lower implementation costs and easier data sharing as compared to maintaining and managing their own servers. However, security is still the biggest worry. If this concern is not addressed, companies are unlikely to take the plunge with confidence.
In this article, we will examine how data security works and then take a deep dive into cloud storage safety.
While the term "cloud" has become common in business, many people may still only have a vague idea of what it means. First, let's take a look at what cloud storage means, and then explore the characteristics and risks of cyberattacks.
In the context of computers, smartphones, and tablet devices, storage is the built-in system and hardware for storing and managing data. External storage can be connected if the internal storage is insufficient, and it can also be used for backup and storage of previous data.
Cloud storage allows users to remotely access and use stored data and applications via the Internet. One feature is that users can purchase only as much as they need. Another is that because the cloud service provider maintains and manages the storage, users do not need extra professional staff.
Cloud storage can be low-cost to install and easy to use, but are there any security concerns? Next, we will cover some of the typical cyber attacks to which the cloud is susceptible.
A Man-in-the-middle (MITM) attack, also known as a "bucket brigade attack," involves a cyber attacker intervening between a user and a service to steal or alter the data being exchanged. Even though it is a relatively old cyber attack method, recently, there has been a surge in its use.
How can a cyber attacker steal encrypted communication content? For example, suppose that two parties are using public-key cryptography for communication. A cyber attacker intercepts one party’s message with a public key and sends a message with his own public key to the other party. The recipient, thinking the message is from the first party, sends data encrypted with the attacker's public key.
The attacker receives the message in the middle and decrypts the data with his own private key. The attacker can then send a message to the first party that appears to be from the second party, with both parties being unaware that their encrypted communication has been compromised.
Cloud service providers store a huge amount of data, including personal details, intellectual property, and confidential business and financial information. Such data is a treasure trove for hackers, making it a tempting target for unauthorized file access and hacking.
In fact, according to the "Status of Notifications of Computer Viruses and Unauthorized Access" report released by the Information-technology Promotion Agency, Japan (IPA) in February 2021, the largest percentage of damage from unauthorized access reported in 2020 was to web servers (26.7%), followed by client PCs (13.1%). For many of us, the memories are still fresh of companies using cloud services, such as Rakuten, PayPay, Aeon, ANA, etc., that have fallen victim to unauthorized access since December 2020.
Let me explain what measures the "Cloudmatika file box" is taking to protect the data on the cloud from the above-mentioned man-in-the-middle attacks and unauthorized access by hackers.
First of all, to protect your data from MITM attacks, all communications through Tsukaeru FileBako are based on SSL/TLS.
Technology that encrypts communications over the Internet, SSL/TLS prevents third parties from stealing or altering data. Websites protected by SSL/TLS have URLs that begin with "https" and are characterized by a key mark in the browser's address bar.
In SSL/TLS communication, an "SSL server certificate" is issued to guarantee that all communication between the server and the client is encrypted. By guaranteeing the website authenticity with a server certificate, MITM attacks mentioned above can be prevented.
According to a February 2020 McAfee survey of 1,000 companies in 11 countries, 91% of the cloud services used by companies did not encrypt the data they held. As the use of cloud services expands, so does the risk of unauthorized access, and Filebox is fully capable of encrypting data.
Cloudmatika Filebox runs on client terminals, but all communication is AES encrypted to ensure security. The PC platform also uses Microsoft's encryption engine to protect files.
All files are obfuscated in a renamed and expanded format so that hackers and attackers cannot find the files even if they try to break in. AES encryption is also used to encrypt data on customers’ servers, but only 256-bit keys, the highest level of encryption technology, are used to encrypt files.
The password used to log in to Cloudmatika Filebox is hashed using a salt (a random string of characters added before the password is hashed) and saved to the system.
After login, client/server communication is conducted through APIs using tokens generated by the domain administrator, and no user names or passwords are used in API communication.
As explained above, Cloudmatika Filebox has all the security measures to counter your cloud service concerns.
Files stored in the cloud can be edited and organized in a familiar way, and unlimited files and folders can be shared with other users using web links. Also, there are flexible storage options depending on the amount of data needed.
There is no limit to the number of users, starting from Rp. 1,2 million, and a 14-day free trial is also available, so please experience how easy it is to use.
English
Indonesia