IT Plays Catch-up with Cloud Application Security In the ongoing war to gain more users, many web services have adopted simplistic landing pages designed with the sole purpose of getting users signed up as quickly as possible. In most cases, the security aspect of the service is typically related to a minor footnote, or a […]
IT Plays Catch-up with Cloud Application Security
In the ongoing war to gain more users, many web services have adopted simplistic landing pages designed with the sole purpose of getting users signed up as quickly as possible. In most cases, the security aspect of the service is typically related to a minor footnote, or a vague assurance that it is “safe and secure.”
The marketing hyperbole and lack of detail on such pages means that it can be difficult for those in a smaller business who likely don’t have the security expertise to properly understand and appraise what they’re really signing up for. With this in mind, I outline two key points for SMBs to decipher the security message for cloud services in order to help prevent possible data loss.
SSL Encryption
Secure Sockets Layer (SSL) is a cryptographic protocol that makes it possible to conduct secure communications over the Internet. Without SSL or the use of a similar encryption system, data transfers will be conducted “in the clear” and are completely open to being snooped upon by any system that the data passes through while on its way to the destination system.
There are two key parts to SSL: the asymmetric portion is a 1024-bit digital certificate; the latter is a 128-bit symmetric encryption key. The asymmetric component offers the ability to validate the authenticity of a remote website and transmit a secret symmetric key used for subsequent data transfers between the two parties. Increasingly, though, sites such as Google, Microsoft and Symantec have already moved to 2048-bit digital certificates, while the use of 256-bit encryption keys are also becoming more common.
While considered robust, SSL pertains only to the data transfer aspect and has nothing to do with how it is stored when at rest. Unfortunately, many web services refer only to SSL when touting how good their security is.
Cloud Encryption
Fortunately, not all cloud vendors leave data in an unencrypted state. To be clear, encrypted data have to be decrypted on the fly in order to be displayed on a website. So the effectiveness of such encryption in protecting your data may vary widely depending on their security architecture and implementation.
Similarly, while online storage services such as Dropbox and SugarSync store data in encrypted form, they also hold the decryption key to facilitate data access across multiple devices or on the Web. There are also cloud backup services that encrypt data prior to it being uploaded though, such as SpiderOak and Mozy.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
