We are standing at a precipice in modern history where security is becoming more of an integral part of how the internet functions. Don’t believe us? Look at how many sites are using HTTPS now and compare that to how the situations was 15, even 20, years ago. Even if most people aren’t completely security-conscious, they’re trying. This is perhaps the first time in the internet’s short history that such a worldwide “awakening” has occurred. Despite all of this, though, security is a concept that’s still shrouded in mystery.
For a clear example of the lack of consciousness about security we’re still seeing, ask anyone walking by what they know about encryption. At best, you’ll get an answer along the lines of, “Encryption is a way to conceal information.” That’s not a wrong answer, but it is a very simple one. In many cases, this is all anyone really needs to know about encryption. But when it comes to your identity, we’re entering an entirely different realm that many people are not prepared for. This is mainly due to the language used when explaining the concept of encryption itself. Terms like “asymmetric algorithm” and “military-grade” are thrown around so much, that these are now words people associate with trust without further scrutinizing the context in which they are applied to the actual methods providers use to secure their customers’ data.
Keeping Encryption Simple
The difficulties people have in understanding encryption are making the cloud a very cloudy place to put one’s data. In reality, encryption is a rather simple concept. A key locks it, another key unlocks it, and that key is supposed to be put somewhere for later use (preferably somewhere secret). If that key is discovered by someone malicious, everything your provider stored about you will be exposed. The results of this are disastrous, which is why no one wants to think it will ever happen to them.
To avoid the little dilemma we have described earlier, keys must be kept secret. In public key (asymmetric) encryption, there are two of these keys. One locks (encrypts) data and the other unlocks (decrypts) it. Your private key is perhaps the most precious thing you can possibly have. In most cases, it’s also the only thing you don’t have. Instead, your private key is managed by the application you’re using. In other words, it’s stored on the server of your provider.
The Principle of The Weakest Link
Before we continue any further, it’s important to keep in mind that your security is only as good as the weakest link in the chain. In most cases, the chain is held up by your credentials and the private key we keep talking about. If your password is weak and your private key is easily guessed, this is a worst-case scenario. But let’s say that both are strong. A hacker can still gain access to the provider’s server and your credentials. After that, nothing bars him from infiltrating your accounts.
How Managing Keys Differently Makes The World Safer
To avoid giving hackers the possibility to gain access to your private key (which gives him the ability to complete the process of accessing your data), you’ll need to store it somewhere very secret. Now, when’s the last time you’ve heard of a brain being breached? Even your local neurosurgeon (who we still hope you can trust with your life!) cannot read your thoughts or memory. Perhaps it’s time we started storing keys there, rather than putting them in a server that has the ability to fall under external influence by means of a couple of electrical signals.
If you get control of your own private key without storing it anywhere, you can finally dictate the destiny of your data and all but eliminate the likelihood that you’ll suffer a breach! It’s really that simple!
If you’d like to get a more detailed break-down of encryption and the role it plays in security, as well as understanding what our product does to address the issue of cloud security as a whole, join us at our presentation at Whitehall’s IDM gathering on November 11th!