Securing the Cloud

How Graphite, Blockstack, and Blockchain technology can help provide the same convenience of the cloud with none of the problems that come with the cloud.

Cloud computing changed the way we work, the way we interact, and the way we connect. It made it possible to work anywhere, anytime, from any device. It’s great. It’s a freeing sort of thing to be able to do what you want, when you want (whether that’s work or more playful things).

But when we take a step back and consider what that freedom actually looks like, are we really all that free?

For the most part, using a cloud app means giving access to the company that manages that app. It’s the equivalent of renting a storage unit and then trusting the storage company to provide the lock and not go snooping around your stuff. Wouldn’t you prefer to bring your own lock, hold your own key, and force the storage company to remove your lock by force before they were ever able to access your stuff? The same should be true for cloud computing.

We shouldn’t make it as easy as it is for a provider to view our content, our files, our life. We shouldn’t make it easy for a company to willfully hand over our data to any government or other authority. But that’s exactly what we do when we trust Google and Dropbox and Box. That’s exactly what we do when we trust any app that maintains its own database. We can fix this, though.

There are three main things necessary for securing the cloud and creating a new world of decentralized computing:

1. Secure Identity
   This should be an identity not owned by the apps you access or the storage providers you use or even the government of the country or region in which you live. This identity should be yours and yours alone. It should be verifiable by anyone and immutable.
2. Encryption
   End-to-end encryption gets thrown around way too much lately. Many things are encrypted. Almost all cloud computing services (if they’re worth anything at all) encrypt your data at rest and in-flight, thus creating the illusion of end-to-end encryption. However, the vast majority of these services own your encryption keys and can unlock you data anytime they want. And for those that do not, for services like Graphite where key generation happens client-side and outside of the control of the app or the company, it’s important to make sure that encryption serves a meaningful purpose. What good is it to encrypt something that can’t be accessed? Which brings us to point three.
3. Data Replication
   When a bug in Google’s code started locking people out of Google Docs, the trouble with any reliance on a single provider for access to files and other data became clear. Data replication solves this. When that data is distributed across multiple cloud storage providers and inaccessible by those providers through strong encryption, the single point of failure issue is removed. A bug that prevents access to a service or a calculated decision by a company to remove access for some users is overcome by the fact that that same data is replicated in many locations.

There are many other steps that can be taken to help secure cloud computing and turn it into decentralized computing, but these three points above are a great start. We have arrived at a point in the history of computers where we can have the convenience we’ve now come to expect with none of the privacy concerns we’ve come to accept.

Graphite offers decentralized and encrypted document creation, spreadsheet creation, file storage and management, and communication. Secured through a log-in system that utilizes W3C-compliant self-sovereign identity, elliptic-curve cryptography, and data replication, Graphite provides the convenience of Google with none of the tradeoff.