Marketing jargon touts cloud-based security solutions as an innovative new approach to mitigating cyber security threats to your network, your enterprise and your data. The pitch often includes buzzwords like “Secure Managed Cloud” and “cloud-based Cyber Security” but offers little insight into the actual path your “secured” data/information traverses before reaching its ultimate destination.
Follow the Path
If you visualize the path your information would travel, which of the following journeys would you consider more secure?
Data/information that is:
- Encrypted locally
- Transferred to an intermediary
- Decrypted by that intermediary
- Re-encrypted by that intermediary
- Transferred to its end destination
- Decrypted upon delivery to its end destination
Or data/information that is:
- Encrypted locally using strong encryption algorithms and an end-to-end key exchange technology that are perpetually challenged by academia and have been found to have no vulnerabilities
- Transferred to its end destination
- Decrypted locally using strong encryption algorithms and an end-to-end key exchange technology that are perpetually challenged by academia and have been found to have no vulnerabilities
The answer is obviously the latter, but it seems that most people aren’t aware of how encryption really works, of exactly how their data flows from point to point in the cloud-based model, or of how that data can be compromised as it is transferred into and out of the cloud-based security layer along the way.
Cloud-based Security is a Flawed Model
Cloud-based security is, by its very nature, insecure. “Man-in-the-middle” attacks have been around since the advent of cryptography, and end-to-end security is paramount to true cryptographic security. As illustrated in the first example, the man-in-the-middle vulnerability is a flaw baked into most cloud-based networks. Any time your secured data/information is decrypted it is vulnerable, and many cloud-based networks make use of backend interfaces that, in striving to make the product easier to navigate, end up opening the network to additional threats. That GUI-based “device management portal” may look slick, but it is of no use if your data/information isn’t safeguarded.
To move your data through a cloud-based security offering, it must be decrypted at the midpoint and then re-encrypted before going on to its recipient, which makes the cloud itself a significant potential point of intrusion.
Data that is decrypted and then re-encrypted at the midpoint is potentially vulnerable to capture, modification or even denial of delivery. The mathematical encryption process needed for this type of transfer is not nearly as secure as the key-based algorithm employed in a direct end-to-end transfer.
As the data passes through the cloud and is decrypted, it is exposed not only to any flaws inherent in the system but also to any compromises that may be introduced by other peers uploading data to the same server or cloud. Just as a chain is only as strong as its weakest link, a cloud-based security plan is only as secure as its least-protected client.
Before agreeing to a cloud-based security solution, you need to ask yourself and your provider whether the data is decrypted midstream and what kinds of intrusion detection they offer to safeguard your valuable data from the potential malfeasance of other clients with whom you share access to the cloud.
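The two journeys listed under “Follow the Path” and the midpoint decryption described above can be made concrete in code. The following is an added example written for this page; it is not code from the page or from Sub-U Systems, and it stands in for the unnamed “strong encryption algorithms and end-to-end key exchange technology” with X25519 key agreement plus AES-256-GCM, both from the Go standard library. The three parties (sender, relay, recipient), their freshly generated keys and the sample message are all constructed for the example. HopByHop plays out the first journey and reports what the relay was able to read; EndToEnd plays out the second, where the relay holds its own key pair and both public keys yet still cannot open the message; TamperDetected shows why a relay that alters end-to-end ciphertext is caught rather than silently passing modified data on.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// newKey generates an X25519 key pair for one party (every key in this example is constructed).
func newKey() *ecdh.PrivateKey {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // a broken OS RNG is not something to recover from
	}
	return k
}

// session derives an AES-256-GCM cipher from the X25519 secret between me and peer. Only
// the two holders of the matching private keys arrive at the same key; a relay with its
// own key pair and both public keys derives something unrelated.
func session(me *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	secret, err := me.ECDH(peer)
	if err != nil {
		panic(err) // only reachable with a malformed peer key; ours are freshly generated
	}
	key := sha256.Sum256(secret)     // minimal KDF; production code would use HKDF with context
	block, _ := aes.NewCipher(key[:]) // 32-byte key, so NewCipher cannot fail
	gcm, _ := cipher.NewGCM(block)    // NewGCM only errors for non-16-byte block ciphers
	return gcm
}

// Seal encrypts and authenticates plaintext; the random 12-byte nonce is prepended.
func Seal(gcm cipher.AEAD, plaintext []byte) []byte {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil)
}

// Open checks the authentication tag and decrypts; any altered byte makes it fail.
func Open(gcm cipher.AEAD, msg []byte) ([]byte, error) {
	ns := gcm.NonceSize()
	if len(msg) < ns {
		return nil, errors.New("message shorter than nonce")
	}
	return gcm.Open(nil, msg[:ns], msg[ns:], nil)
}

// HopByHop models the first journey on the page: the relay holds a key for each leg,
// decrypts, sees (and could alter) the plaintext, then re-encrypts for the recipient.
func HopByHop(plaintext []byte) (delivered, relaySaw []byte, err error) {
	sender, relay, recipient := newKey(), newKey(), newKey()
	wire1 := Seal(session(sender, relay.PublicKey()), plaintext)
	relaySaw, err = Open(session(relay, sender.PublicKey()), wire1) // plaintext exposed here
	if err != nil {
		return nil, nil, err
	}
	wire2 := Seal(session(relay, recipient.PublicKey()), relaySaw)
	delivered, err = Open(session(recipient, relay.PublicKey()), wire2)
	return delivered, relaySaw, err
}

// EndToEnd models the second journey: the sender keys directly to the recipient and the
// relay can only pass the bytes on; its best attempt at decryption fails the GCM tag check.
func EndToEnd(plaintext []byte) (delivered, relaySaw []byte, err error) {
	sender, relay, recipient := newKey(), newKey(), newKey()
	wire := Seal(session(sender, recipient.PublicKey()), plaintext)
	if pt, e := Open(session(relay, sender.PublicKey()), wire); e == nil {
		relaySaw = pt // never reached: the relay's derived key is not the message key
	}
	forwarded := append([]byte(nil), wire...) // all the relay can do is copy the bytes along
	delivered, err = Open(session(recipient, sender.PublicKey()), forwarded)
	return delivered, relaySaw, err
}

// TamperDetected covers the "modification" risk: a relay that flips one ciphertext bit
// cannot forge a valid tag, so the recipient's Open fails instead of accepting bad data.
func TamperDetected(plaintext []byte) bool {
	sender, recipient := newKey(), newKey()
	wire := Seal(session(sender, recipient.PublicKey()), plaintext)
	wire[len(wire)-1] ^= 0x01 // one bit flipped in transit
	_, err := Open(session(recipient, sender.PublicKey()), wire)
	return err != nil
}

func main() {
	msg := []byte("constructed sample: Q3 figures attached") // constructed input
	_, hopSaw, _ := HopByHop(msg)
	_, e2eSaw, _ := EndToEnd(msg)
	fmt.Printf("relay saw hop-by-hop=%q end-to-end=%q; tampering caught=%v\n", hopSaw, e2eSaw, TamperDetected(msg))
}
```

Running it prints the full message as what the hop-by-hop relay saw, an empty string for the end-to-end relay, and true for tampering detection. Note what the model does and does not cover: it shows the confidentiality and integrity difference at the midpoint, but in both journeys a relay that simply drops the message denies delivery, so end-to-end encryption on its own does not address that third risk.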
Why End-to-End Security is Superior
Because data on the point-to-point pathway is only “seen” by the sender and the recipient, it can be encrypted using more sophisticated techniques. With end-to-end security, your data is encrypted algorithmically and can only be accessed by the end user if that user has the proper key to decrypt it. Hardware-based solutions, such as those offered by Sub-U Systems, offer encryption methodologies more secure than the mathematical encryption used by cloud-based networks.
Sub-U Systems devices offer secure, powerful and efficient enterprise-level information security no matter where you do business. Don’t trust your valuable data to a potentially insecure cloud-based security solution. Our end-to-end encryption employs a cryptographic library that has been validated “secure” under Federal Information Processing Standard (FIPS) 140-2 by the National Institute of Standards and Technology (NIST), and our appliances run on firmware designed to meet or exceed National Information Assurance Partnership Network Device and VPN Gateway Protection Profile (NIAP PP) requirements.
Contact us to learn more about how we can safeguard your data no matter where you do business.