Securing files in Cloud

Recently, I was looking on ways to secure the files we store in cloud for various reasons. I was surprised that Amazon, Rackspace or any other cloud vendor’s lack of APIs to secure storage by certificates or encrypting or other means. While researching around, I read about three interesting solutions

1. Microsoft Encrypted File System (EFS) – I felt that this takes too much time & effort to accomplish this and we are dependent on setting up certificate services and more. I gave up.

2. TrueCrypt – This is great. This is an opensource project, you just download and install the program and follow easy instructions to create a volume. Entire data in the volume is encrypted and password protected. One need to mount the volume by providing the password to access the files. However, once mounted it gives free access to anyone logged on to the machine / server.

3. AxCrypt – This is good if you want to encrypt individual files, while TrueCrypt is to secure the entire disk / volume that you define.

Here is a good review on TrueCrypt and AxCrypt.

I’m still looking for a tool that offers an API which I can call programmatically and secure the volume. In case of Truecrypt, I can create an S3 volume or a storage volume in cloud, define it as encrypted and mount the volume on the server to which it is attached. However, if some hacker gets in to the server, then he / she can read the files. Since the files are no longer encrypted once you mount it, this becomes meaningless. This would be helpful as long as no one can get into the server (this is the same case with Windows EFS as well).

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: