Welcome to the Data Sovereignty articles by Cryptyk.
Cryptyk recognizes that achieving data sovereignty (control) is critical to any organization. Looking through the lens of absolute data ownership, this series of articles reviews how specific threats are neutralized by Cryptyk’s hybrid blockchain technology. The most common form of threat is external — think hackers, viruses and malware. However, other vulnerabilities exist, in the form of blind trust of cloud storage providers, the governments that have jurisdiction over them, and trust in those who have internal (granted) access to your data. In spite of these threats, Cryptyk has proven sovereignty is now possible to achieve. Cryptyk’s hybrid blockchain technology creates an architecture for storing data that allows complete peace of mind for an organization that uses their enterprise cloud storage and security services.
In this article we focus on the need for enterprises to use cloud storage services, and the real vulnerabilities that blind reliance on existing platforms creates for stored data.
For a comprehensive look at how the Cryptyk platform addresses all threats to data sovereignty, read our anchor article, Achieving True Data Sovereignty.
Mass-migration to cloud-based storage and computing
After the initial distrust that organizations felt towards cloud computing, there has been visible adoption of cloud storage and computing. According to Forbes, as of 2017, 73% of companies are planning to move to a fully software-defined data center within 2 years.
The appeal of being “cloud first” is obvious: providers own the servers, they perform the maintenance, and organizations pay a small service fee for access to features. The main draw is the opportunity for live collaboration from anywhere in the world, at any time. Affordability and freedom from in-house infrastructure costs have driven the rate of adoption of cloud-based services.
Risk and threat abound on the current cloud
In spite of their benefits, cloud service providers can leave organizations’ data, especially that of enterprises, very vulnerable.
According to Cryptyk, this is a visible threat to data sovereignty and limits an organization’s ability to completely and safely control its data, even when it is shared.
Traditional cloud-based services are a centralized target. If a storage provider were hacked, untold amounts of sensitive data would be easily available to predators. This happens frequently with existing platforms, and the Cloud Security Alliance, in its report, lists “data breaches” as the number one unavoidable vulnerability.
Traditional cloud-based services can never be immune to new threats. Even if providers were to respond quickly to a hack or a breach, technology is constantly improving. This leaves providers vulnerable to “zero-day attacks”, which are attacks that use a virus or piece of malware that is new and unknown to the security community.
Traditional cloud-based services are a single point of failure
If a storage provider were to suffer a successful Distributed Denial of Service (DDoS) attack, multiple clients would be unable to access their data or applications for extended periods of time. This is also true if there are any internal problems with the provider itself, such as unexpected hardware failure.
In 2017 Amazon Web Services suffered a 4-hour downtime. The clients who relied on AWS, and the sites and organizations that use AWS, lost more than $150 million of revenue. This affects customers who are not even aware of their reliance on AWS, which is almost anyone who uses an online platform. Services that experienced failure were Slack, Quora, Coindesk, Kickstarter, GitHub, HipChat, Adobe’s services, Expedia, Zendesk and even Medium itself.
“If you think you aren’t a customer of Amazon Web Services, you’re probably wrong — you just don’t know it,” says NY Mag. “But that also means that when AWS suffers downtimes, suddenly a big chunk of the web you either rely on for work or rely on for distraction are also affected.”
For any organization, access to data must not be limited to a single point of failure. (NOTE: Cryptyk is entering a partnership with AWS, and thinks highly of their services. It is simply that any single point of failure is a vulnerability no matter what the organization.)
Traditional cloud-based services have total access to your data
An important question any organization should ask is “What if the cloud service providers decided, for any reason, to access our data without our knowledge? Or what if they were pressured to give access to it to another organization, such as a government?” Inherent trust in the companies we give our data to comes from good PR and public trust in the companies (a.k.a. “too big to fail”). A breach of trust would be a violation of privacy for an individual, but presents an unacceptable liability for any organization using the cloud.
Cloud-based services are structured to foster great reliance on one source with security systems that simply aren’t sophisticated enough. Data sovereignty should be a right, not a privilege.
The impact of any threat succeeding is often irreparable
When enterprise data is compromised, organizations are legally required to publicly disclose these incidents. With public disclosure of a breach comes a massive hit to reputation. However, that does not begin to factor in the dollar costs of investigating a breach; organizations require a full taskforce including cybersecurity consultants and lawyers. Investigations aside, bringing offenders to justice, fending off lawsuits and mending a broken public image is complicated enough.
For the majority of organizations, a big data hit could mean an end to business, a dire consequence for those who do not outlive their data misfortunes. This is typically true of small-to-medium sized businesses. Sadly, studies show that a shocking 87% of small business owners did not think their businesses were vulnerable to cyberattacks.
Cryptyk was founded to achieve reliable cloud storage and security for industries where privacy and uptime are an absolute must. Hospitals/clinics, financial institutions/credit bureaus and law firms are at great risk of being hacked for the valuable client information they hold. If businesses do survive a data hack, reputation damage results in client loss, lawsuits, and a devastated public image.
Hybrid Blockchain technology achieves true data sovereignty on the cloud
Enterprises face big risks from the loss of data due to service provider vulnerability. However, they still need the flexibility of cloud-based computing and storage. As such, they need the guarantee of complete ownership over their data even when shared with others.
Cryptyk is the first single vendor platform to offer enterprise-level cloud storage with a full integrated security suite. Cryptyk’s hybrid blockchain technology is built by integrating two separate, decentralized platforms: VAULT and SENTRY. Together, these platforms create a passively secure, “safe-to-hack”, architecture with guaranteed uptime. The concept is simple:
VAULT is a decentralized cloud storage platform. Files stored with VAULT are encrypted once, then split into five separate pieces (using intelligent randomization). Each piece gets a full second encryption, and is then stored on five of the major independent cloud storage providers or nodes: Google, Amazon, IBM, Rackspace and Box. Only a user with specific keys, which are stored offline, can assemble the pieces correctly and undo the double encryption.
VAULT’s architecture achieves the much needed data sovereignty. It offers immunity from all breaches, and eliminates the requirement of blind trust based on the file storage method mentioned above. Even if an attempt to compromise a storage node was successful, any file shard obtained would be entirely unintelligible, and impossible to relate to its other 4 components (which are each hosted by entirely different storage giants). This even holds true for the companies that host your data. If one of Cryptyk’s storage nodes looked into their folder architecture, all they would see is unintelligible, double encrypted shards of millions of files. Only the user has keys that can locate the shards across all 5 platforms, and decrypt them into a readable file.
VAULT is also passively immune to viruses and malware: even if a virus gets past the security portal, SENTRY, and makes it onto VAULT’s storage nodes, it is also encrypted, randomly split into 5 pieces, and encrypted again. It remains in pieces, effectively frozen until a security sweep discovers it, preventing even a “zero day” occurrence (attack from a previously unknown virus). A frozen virus on the cloud cannot infect other files in the storage, open up back doors to the storage architecture, or encrypt entire folders and hold them ransom (ransomware attack).
VAULT guarantees uptime and access
Cryptyk users are never dependent on a single point of failure. VAULT uses a security method called erasure coding to create multiple backups of each of the 5 pieces before they are stored on one of the 5 storage nodes. It then distributes the backups amongst the other 4 nodes. If an entire storage node goes down for any reason (bot attacks, hardware failures, etc.), files on Cryptyk can be seamlessly assembled from those backup shards. Even if two nodes failed simultaneously, Cryptyk users would not notice a change in data accessibility or speed.
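The availability claim above can be checked by enumeration. The following is an added illustration, not Cryptyk's code: it assumes the "backups" are plain replicas placed on the next nodes in a ring (the article does not describe the actual scheme), and the function names are hypothetical. It lists which simultaneous node outages would lose a shard for a given number of backup copies.

```python
import hashlib
from itertools import combinations

NODES = ["Google", "Amazon", "IBM", "Rackspace", "Box"]  # providers named in the article
SAMPLE = bytes(range(256)) * 4  # constructed stand-in for an already-encrypted file

def split(blob: bytes, n: int = 5) -> list[bytes]:
    """Cut a blob into n contiguous pieces (the last may be shorter)."""
    size = -(-len(blob) // n)  # ceiling division
    return [blob[i * size:(i + 1) * size] for i in range(n)]

def place(shards: list[bytes], backups: int) -> dict[str, dict[int, bytes]]:
    """Assumed layout: shard i on node i, plus `backups` copies on the next nodes."""
    stores = {name: {} for name in NODES}
    for i, shard in enumerate(shards):
        for k in range(backups + 1):
            stores[NODES[(i + k) % len(NODES)]][i] = shard
    return stores

def reassemble(stores, down, digests):
    """Rebuild the blob from surviving nodes; None if any shard has no intact copy."""
    out = []
    for i, digest in enumerate(digests):
        copies = [s[i] for name, s in stores.items() if name not in down and i in s]
        # Reject copies whose SHA-256 no longer matches the digest recorded at upload.
        good = [c for c in copies if hashlib.sha256(c).hexdigest() == digest]
        if not good:
            return None
        out.append(good[0])
    return b"".join(out)

def fatal_outages(blob: bytes, backups: int, failures: int) -> list[tuple[str, ...]]:
    """Every combination of `failures` simultaneous node outages that loses data."""
    shards = split(blob)
    digests = [hashlib.sha256(s).hexdigest() for s in shards]
    stores = place(shards, backups)
    return [down for down in combinations(NODES, failures)
            if reassemble(stores, set(down), digests) != blob]

if __name__ == "__main__":
    for backups in (1, 2):
        lost = fatal_outages(SAMPLE, backups, failures=2)
        print(f"{backups} backup(s) per shard: {len(lost)} fatal two-node outages {lost}")
```

Under this assumed layout, one backup per shard does not survive every two-node outage; two backups per shard are needed for the two-node guarantee described above.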
SENTRY is a robust decentralized security platform that seamlessly protects VAULT. At its core, it is a secure portal that uses blockchain technology to control permissions and record all user activity and access to VAULT’s files and data. SENTRY is not just a blockchain, it is a full security suite with a wide array of features.
Another function of SENTRY is to act as a secure portal to interact with your data. Popular software (Excel, Word, Asana) will plug directly into SENTRY’s API. With a perfect ledger of all activity (including that of administrators), real-time proof of security can be checked, and suspicious activity or behavior will be picked up by AI that has learned what a normal operation looks like.
SENTRY guards access to VAULT’s architecture. It enforces a secure portal where users can interact with their data via its granular file-permissions structure, and complete set of security tools. Additionally, a perfect record of all access to the files and user activity monitored by AI allows a new proactive approach to anticipating threats.
Integration of two different distributed platforms creates perfect protection
Together, VAULT and SENTRY eliminate all threats and vulnerabilities presented by using traditional cloud service providers. Cryptyk users can depend on guaranteed file uptime, and know that no other individual or organization can access their files or data without permission. By understanding how Hybrid Blockchain technology solves all of the risks of using cloud storage and service providers, enterprise customers can finally feel secure in data sovereignty on the cloud.