Cloud Services Encryption in Companies and Organizations
Imagine that you are the head of a company - you have a dynamically developing project and you prefer to keep up to date. Every year your organization is growing, expanding staff. In this case, one of the main issues that you constantly have to solve is providing your organization with modern computing technologies, buying new software and licenses. However, this is not necessary. Why don't you use the services of cloud services? All that is needed is to connect to the application of the provider of this service, after which your company will receive remote access to its computing resources.
Then, based on the specifics of the tasks to be solved and the amount of information processed, it will be necessary to choose one of the three current service models:
SaaS - software as a service. In this case, you use the software, applications and operating systems of the provider, which fully controls the functioning of the cloud infrastructure. By and large, you only manage your account (group of accounts) with the ability to make minor changes to some application settings. Examples of this service are YahooMail, Google Disk, Office Online, etc.
PaaS- platform as a service. Here you get the opportunity to install your own software and build Saas level applications. Nevertheless, the control of operating systems, servers, data storages remains with the provider. The simplest example here is hosting, where you install your CMS, modules and plugins for it, and also get access to MySQL, PHPMyAdmin, etc.
IaaS - infrastructure as a service. Here you have even more freedom - the provider provides only the physical foundation of computing power (virtual machines), on the basis of which you can deploy your cloud infrastructure and implement your own PaaS and Saas solutions, controlling the installed operating systems and applications.
Benefits of Cloud Services
The minimum initial costs . Initially, to build its own information system, the company needs to purchase expensive equipment and software, as well as pay for the debugging of its performance, which translates into not only significant financial, but also time costs.
When using cloud technologies, it is enough for you to sign a contract with the provider, after which you will almost immediately receive all the services necessary for the development of your business on the terms of the agreed monthly payment.
Availability . You and your company’s employees get access to corporate information located on the cloud, at any time, from any devices (smartphones, tablets, laptops) and from any place where there is an Internet connection.
Flexibility and adaptability . In the event that you need to use additional computing resources and connect new services, the provider is able to provide them to you within a few hours. Similarly, you can at any time refuse to use certain services if they are no longer needed.
Lack of operating costs . When using cloud services, you are not concerned with the costs associated with maintaining the components of the IP and maintaining its performance - all this rests with the provider.
Mobility and independence. The standard server infrastructure is tied to the office of the company and in case of its relocation, you will have a lot of problems associated with the transportation of equipment, laying of cable communications, renegotiation of contracts with Internet providers, etc. When using cloud services, you are not tied to your to the office.
Protection of information on cloud resources
Despite all the advantages of cloud technologies, many company leaders are wary of their use, because they do not want to trust the processing and storage of their corporate information to a third party, worrying about its safety. In addition, if the data is stored on the cloud, then to whom does it belong - to you or to the provider of this service on whose servers it is located? And can the provider at some point deny you access to the posted files?
Another important question is how secure is your information after it is placed on the cloud? Cloud service providers argue that there is no cause for concern, since protecting customer information is a matter of primary importance to them.
However, even if the provider manages to protect your data from an external attack, can you be sure that the employees of the cloud service itself will not exceed their authority and will not get access to your information? Even if encryption is provided on the cloud, encryption keys are also stored on the cloud server, which means that everyone who has access to them can get access to your encrypted data.
Therefore, the only solution in this case is the encryption of information on the user side and sending it to the cloud already in encrypted form. At the same time, encryption keys are stored only with you and the possibility that malicious data will be accessed by your data from outside or employees of the cloud service itself is excluded.
Cloud Encryption with CyberSafe
When working with CyberSafe, all data sent to the cloud is pre-encrypted and gets to the remote server in an encrypted form. The encryption keys will be stored either on the user's local computer or on removable media. The security administrator gets the opportunity to assign the keys of certain users to each encrypted folder and thus differentiate access to various categories of information.
Data encryption on a remote cloud resource (in this example, Google Drive) in CyberSafe occurs according to the following scenario.
1. In the corporate account for the folder with encrypted documents (in this example, Group1), the security administrator sets up shared access for those employees who will continue to work with them. This is done by means of Google Drive - invitations with access to this folder are sent to the email addresses of user data assigned to their accounts. Also, the administrator sends an invitation to his email address:
Here, users are given access rights, such as Editing and Reading .
2. After that, the administrator logs into his personal Google Account, accepts the invitation sent and adds the Group1 folder to his Drive. Both the administrator’s computer and the computers of other employees should already have Google Drive applications configured to work with the corresponding accounts.
3. After the synchronization has occurred and the Group1 folder has been copied to the administrator’s computer, he adds it to CyberSafe in the Cloud Encryption section and assigns user keys to this folder that can work with it
later : In the future, the security administrator can always reassign the keys, removing a user from the group or add a new key.
4. After adding the keys, CyberSafe will createsynchronization folder (mirror copy of Group1 folder). In the future, all actions with encrypted files are carried out only from the synchronization folder:
5. Similarly, the administrator adds other folders with files to CyberSafe that must be encrypted and assigns keys for other employees to them.
In order to start working with these folders, they must be Enabled :
After the folder is turned on, all the files in it are available to work in transparent encryption mode.
6. CyberSafe will create encrypted copies of existing files, after which all unencrypted originals will be deleted both from users' computers and from the cloud resource. All new files added to these folders are automatically encrypted.
7. On the cloud in each folder create a file CyberSafe cybersafe.cloud.conf , which contains the public keys of the users admitted to it. In order to prevent users from making changes to it or deleting this file, the administrator allows only its reading.
8. Similarly, users add encrypted folders to CyberSafe on their computers. After that, they get the opportunity to work with documents in the folders to which they are allowed, and the changes made by each of them, as a result of synchronization, are updated on the computers of the entire group. At the same time, copies of files hosted on the cloud are always encrypted.