Welcome to Part 1 of Cryptyk’s Threat Analysis Series, where we evaluate each of the 5 major threats to the cloud for enterprises. In this article we will analyze the threat of external hackers, and how Cryptyk’s hybrid blockchain technology acts to counter this major security threat.
In our introductory article, we touched upon the ever-increasing frequency of large scale security breaches. It is not a question of if a major cloud storage provider gets hacked; it’s a question of when, and how big. All major cloud storage providers such as Google, Amazon and Box store dozens of copies of every file you upload, stored in different servers all over the world. This level of redundancy enables them to offer 24/7/365 access on a global scale, regardless of the integrity of any individual storage server.
Cloud storage providers will never lose your data and they do their very best to protect it. However, once a single server is breached a hacker can copy millions of confidential user files. This is the fundamental weakness of conventional centralized cloud storage platforms. Defense strategies currently used by cloud providers are usually based around fire-walling users in silos to limit the extent of the attacks to a few hundred thousand users at a time. However, over time, any files stored on the cloud will inevitably be stolen.
But what if your file is never stored in one piece or in one place on the cloud, until you personally start accessing it again?
We introduced Cryptyk’s Vault component in the introductory article, and it is the component of hybrid blockchain technology that plays the key role against these external attacks.
Vault encrypts your file, then slices it into intelligently randomized portions. Each of those portions is then encrypted again and stored separately among the top 5 third-party cloud storage providers (e.g., Google, Amazon). This means that each file is encrypted over 2 layers using 6 different encryption keys. With just this step alone, hackers will never gain access to any complete file when they succeed with a breach of a cloud provider. To collect all the double-encrypted pieces of your files, they would simultaneously have to hack all five of Vault’s nodes and break 6 levels of encryption to access just a single file. Even using a supercomputer, hacking multiple users would take many months or even years. Suddenly hacking becomes highly frustrating and unprofitable for the cyber-criminals. For all practical purposes, the Vault platform is effectively “safe to hack”.
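The two-layer, six-key flow described above can be sketched as follows. This is an added example, not Cryptyk’s code: the byte-striping split rule, the function names and the SHAKE-256 keystream (a standard-library stand-in for a real cipher such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import secrets

NODES = 5  # one shard per storage provider, as in the article


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher (SHAKE-256 keystream); use AES-GCM in production.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, data)
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered shard")
    return _xor_stream(key, nonce, ct)


def store(plaintext: bytes):
    """Layer 1: encrypt the file. Layer 2: stripe it and encrypt each shard."""
    keys = [secrets.token_bytes(32) for _ in range(NODES + 1)]  # 6 keys, client-side only
    outer = seal(keys[0], plaintext)
    # Assumed split rule: byte striping, shard i gets bytes i, i+5, i+10, ...
    shards = [seal(keys[i + 1], outer[i::NODES]) for i in range(NODES)]
    return keys, shards


def retrieve(keys, shards) -> bytes:
    parts = [unseal(keys[i + 1], shards[i]) for i in range(NODES)]
    outer = bytearray(sum(len(p) for p in parts))
    for i, part in enumerate(parts):
        outer[i::NODES] = part  # undo the striping
    return unseal(keys[0], bytes(outer))
```

In this sketch each shard carries about one fifth of the outer ciphertext, and retrieval needs all five shards plus all six keys.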
Vault acts to take the profit out of hacking, not by trying to stop the hackers, but by rendering anything stolen to be of no real value and effectively useless. And it achieves this passively with its inbuilt encryption and storage architecture. This technology can be termed user-encrypted decentralized cloud storage architecture. Critical to its design is that the 6 encryption keys required to access and assemble each file are only stored on the user’s personal device, and never on the cloud. Every time a file is updated or shared the encryption keys are also updated and stored via a uni-directional data diode to an off-line cold storage server operated by Cryptyk. This allows Cryptyk to manually email back-ups of all keys in case of loss or damage to the user’s personal device.
Hybrid blockchain technology leverages the performance of the leading cloud storage giants: Google, IBM, Amazon, Dropbox and Box. Each of these companies has a billion-dollar security budget and provides ultra-fast 24/7 connectivity globally. Cryptyk takes advantage of all of their resources simultaneously, with a fast, tested access latency of less than 200ms. Access latency is our major advantage compared to blockchain storage platforms such as Sia, Storj and Filecoin, which all exhibit latencies of 30 seconds or more. This may be OK for weekly back-up of large batch file content. However, 30 seconds is way too slow for most of today’s cloud storage applications such as live editing and network collaboration applications. Cryptyk’s Vault is the only decentralized cloud storage solution that is fast enough for real-time cloud applications that are used by all businesses and enterprises today.
Of course, hybrid blockchain technology has two rings of decentralization, making it also vastly more secure than “competitive” blockchain-only file storage technologies or single cloud vendors. From a higher vantage point, even the major cloud providers we use for our storage nodes don’t know what they are storing. If Google tries to look into Cryptyk encrypted data, they would only see billions of shards of unintelligible files that only represent 20% of anything useful. Again, no encryption keys are stored in the cloud, only on our users’ personal devices and the offline backup systems.
Cryptyk’s security encryption standard is built into the very core architecture of our platform, not layered on like an afterthought. As consumers become more educated about data storage, we hope there comes a day where sensitive data has to legally be stored on a certified “safe to hack” platform. Finally, this decentralized storage architecture has enormous potential for government organizations who have avoided cloud storage because of data sovereignty issues with the major cloud providers. Although like them, we cannot guarantee that a government’s data is only stored within its national borders, we can guarantee that it doesn’t matter where it’s stored.