Cloud computing: How safe is your data?

June 19, 2013 - 06:32

Cloud computing enables users to save their data online rather than on their hard drive. This data may, however, also become available to strangers. Danish scientists are working on a solution.

There are a few entirely European-owned servers for cloud computing, but most cloud services are owned by American companies. These services do not necessarily provide Europeans with the same privacy and data protection that their own citizens get. (Photo: Colourbox)

You may not know what cloud computing is, but there’s a great chance that you’re already using it.

Google, Amazon, Skydrive and Dropbox offer us an alternative to our local hard drives – a place in their ‘cloud’ on their servers. These servers are usually located in the US and are thus not subject to the European Data Protection Act.

Storing data on large servers protects users against e.g. crashes, which means a lot of money can be saved on hardware.

Potential problems ahead

Another interesting aspect of cloud computing is that users can take advantage of the computing power of all the computers that are connected to the cloud and all the data inside it. This is known as Big Data.

Big Data are huge databases where users can analyse the data e.g.to spot business trends, determine the quality of research or to prevent diseases.

You do not want to be dependent on other countries’ policies, but you would like the advantage of having data in the cloud.
Ivan Bjerre Damgård

The largest databases belong to Facebook and Google.

Many have predicted a promising future for Big Data, with lots of new jobs in areas such as research into diseases and, not least, in the marketing of new products.

However, there are also problems associated with Big Data – problems of ownership with regards to data and results.

“The greatest challenge for Danish businesses today consists of transferring the responsibility for their own data from those who own the cloud to their own organisation. You do not want to be dependent on other countries’ policies, but you would like the advantage of having data in the cloud,” says Professor Ivan Bjerre Damgård, of Aarhus University’s Department of Computer Science.
He is one of the researchers behind an EU project, which aims to increase the security of cloud computing.

The virtual space is filled with spies

An additional problem is that the virtual space where we store our files appears to be full of spies. This could affect businesses that have confidential information stored in the cloud.

We are currently developing a method which enables the user to calculate in the cloud while the data is encrypted – without the need to ‘unlock’ them first.
Ivan Bjerre Damgård

For this reason, Sweden recently banned civil servants from using Google apps such as Gmail and Google docs as they are not believed to be sufficiently safe.

A former chief privacy officer at Microsoft, Caspar Bowden, has repeatedly argued that the encryption offered by Microsoft is highly inadequate. He has also more than hinted at a collaboration between Microsoft and the CIA.

Privacy and data protection

There are a few entirely European-owned servers for cloud computing, but most of today’s cloud services are owned by American companies. These services do not necessarily provide Europeans with the same privacy and data protection that their own citizens get.

With the recent disclosure of the PRISM national security surveillance program, operated by the United States National Security Agency (NSA), it became clear that US intelligence agencies have direct access to services such as Google, Facebook, Amazon and Microsoft, all of which can be described as being ‘cloud services’ in one way or another.

Safer ways of using the cloud

“The disclosure of what the NSA is doing did not surprise me,” says Damgård. “It has been known for a while that intelligence services use great resources on developing methods for filtering data, so they won’t have to analyse everything.”

It may seem contradictory that users can calculate encrypted data, but it is possible and it provides a high level of security. If anyone other than those who own the data gains access to it, they will only see encrypted data. Our system is a bit slower, but the security is high. We can already perform some calculations in the cloud, but give us a couple of years, and we’ll be seeing greater results.
Ivan Bjerre Damgård

It is therefore also no great surprise, he explains, that the American authorities had access to cloud services and social media.

Together with colleagues, he is currently looking into new and safer ways of using cloud computing.

”If you encrypt your data with a key before you save it in the cloud, only you will have access to it – that’s something most of us know. What’s new is that we are currently developing a method which enables the user to calculate in the cloud while the data is encrypted – without the need to ‘unlock’ them first,” he says.

“It may seem contradictory that users can calculate encrypted data, but it is possible and it provides a high level of security. If anyone other than those who own the data gains access to it, they will only see encrypted data. Our system is a bit slower, but the security is high. We can already perform some calculations in the cloud, but give us a couple of years, and we’ll be seeing greater results.”

-----------------------

Read the Danish version of this article at videnskab.dk

Country
Translated by
Dann Vinther