Controversial opinion alert: Privacy and the public cloud – not just possible, but easy

Like it or not, collaboration and file-sharing services like Dropbox have become embedded in corporate IT. What started as personal technology has increasingly become the alternative to everything from moving files using USB to sharing docs via email or an internal wiki. But we live in an age of hackers and hacking, spies and …

  1. Anonymous Coward

    nCrypted Cloud

    Is older than any of the wrappers mentioned in this article. Odd it wasn't included.

  2. Anonymous Coward

    Embedded?

    How about you use Dropbox at work and I embed your P45 in your grubby little hands, along with providing a reference saying you knowingly and wilfully breached information security policies?

    1. Trevor_Pott Gold badge

      Re: Embedded?

      I'll wait here whilst you explain that to the executives far above your pay grade. And by wait here, I mean laugh until my ass falls off.

      1. Anonymous Coward

        Re: Embedded?

        Easy. 3 letters. I C O and £500,000 fines.

        1. Trevor_Pott Gold badge

          Re: Embedded?

          Lots of other countries in the world. Many that give negative fucks about fines. For that matter, plenty of executives don't give fucks about fines. You're IT. Make it work. You don't get to dictate to executives, etc.

          Sysadmins aren't the iron rulers of their little fiefdoms anymore. They're digital janitors. Best invest in industrial cleaning products.

          1. Doctor Syntax Silver badge

            Re: Embedded?

            "For that matter, plenty of executives don't give fucks about fines."

            No, they'll just sack the IT manager who didn't stop them doing it. Who said life was fair?

            Actually I've worked for companies who took security seriously. They'd have been on the A/C's side.

            1. Trevor_Pott Gold badge

              Re: Embedded?

              The existence of an exception does not invalidate the broadly general applicability of the rule.

              1. John Smith 19 Gold badge
                Unhappy

                "The existence of an exception does not invalidate the..general applicability of the rule."

                This is charmingly combative of both parties but perhaps a little OT?

                You're right about (strong) encryption needing to be transparent (and it should be a lot easier than it is).

                It's long past time internet protocols took the good will of any node they link to for granted and the net stopped being a happy hunting ground for TLAs and Black hats.

  3. Anonymous Coward

    possession, etc

    All of these are valid points. However, possession of the actual bits is important too. I reluctantly use cloud storage but generally only copies of items I would not mind losing.

  4. Doctor Syntax Silver badge

    So we make life safe for storing data in the cloud by making sure the data's encrypted and then we store the keys in the cloud. Do we encrypt them there? If so where do we store the keys to the keys?

    1. TReko

      Key management - that's the hard part. Part of the extra security of encrypting cloud data is not putting the keys on the cloud.

      The Cloud is another word for someone else's computer. Unless you encrypt data before uploading it to cloud storage, you run an unacceptable risk of having it stolen.

      Local encryption, done before uploading to the cloud, is available through a wide variety of apps, as mentioned in the article. VeraCrypt http://veracrypt.org works with Microsoft's OneDrive, while SyncDocs https://syncdocs.com encrypts Google Drive.

      Keeping keys local enhances security, but makes it more difficult to use. Solving the KMS problem will lead to a pot of gold.

      1. John Smith 19 Gold badge
        Unhappy

        "Solving the KMS problem will lead to a pot of gold."

        Solving the KMS problem transparently will lead to a pot of gold.

        FTFY

    2. Roland6 Silver badge

      Re: If so where do we store the keys to the keys?

      In the grey matter of the wetware!

      Ultimately, after you've stored the operational keys on the FIPS-140-2 flash drive and written the key to that on a piece of paper and placed that in an envelope in the safe etc. etc. someone is going to have to remember that the key to the keys is in the top drawer of the CTO's desk...

  5. Bluehand

    Microsoft has an enterprise licensing management system they call KMS

    Microsoft has an enterprise licensing management system they call KMS - Microsoft's KMS is a license management service for Microsoft products, it's not a key management product.

    The product you want is called Active Directory Certificate Services. Active Directory Certificate Services (AD CS) is an Identity and Access Control security technology that provides customisable services for creating and managing public key certificates used in software security systems that employ public key technologies. Phew...

  6. John Robson Silver badge

    Why...

    Are we not distributing public keys (for everything, crypto and authentication) over DNSSEC?

    It's not as if this is a new problem - is it?

    Key rotation and replacement becomes a simple job for the person receiving the data - distribution is handled automatically.

    Have a reverse lookup of the key with a flag to indicate key revocation before the expiry date.

  7. eldakka
    Joke

    Boxcryptor - damn, if they weren't already hard enough to get into :(
