By blog Jul 07 2021
More and more companies are considering cloud storage because of its lower implementation costs and easier data sharing as compared to maintaining and managing their own servers. However, security is still the biggest worry. If this concern is not addressed, companies are unlikely to take the plunge with confidence.
In this article, we will examine how data security works and then take a deep dive into cloud storage safety.
While the term "cloud" has become common in business, many people may still only have a vague idea of what it means. First, let's take a look at what cloud storage means, and then explore the characteristics and risks of cyber attacks.
In the context of computers, smartphones, and tablet devices, storage is the built-in system and hardware for storing and managing data. External storage can be connected if the internal storage is insufficient, and it can also be used for backup and storage of previous data.
Cloud storage allows users to remotely access and use stored data and applications via the Internet. One feature is that users can purchase only as much as they need. Another is that because the cloud service provider maintains and manages the storage, users do not need extra professional staff.
Cloud storage can be low cost to install and easy to use, but are there any security concerns? Next, we will cover some of the typical cyber attacks to which the cloud is susceptible.
A Man-in-the-middle (MITM) attack, also known as a "bucket brigade attack," involves a cyber attacker intervening between a user and a service to steal or alter the data being exchanged. Even though it is a relatively old cyber attack method, recently, there has been a surge in its use.
How can a cyber attacker steal encrypted communication content? For example, suppose that two parties are using public key cryptography for communication. A cyber attacker intercepts one party’s message with a public key and sends a message with his own public key to the other party. The recipient, thinking the message is from the first party, sends data encrypted with the attacker's public key. The attacker receives the message in the middle and decrypts the data with his own private key. The attacker can then send a message to the first party that appears to be from the second party, with both parties being unaware that their encrypted communication has been compromised.
Cloud service providers store a huge amount of data, including personal details, intellectual property, and confidential business and financial information. Such data is a treasure trove for hackers, making it a tempting target for unauthorized file access and hacking.
In fact, according to the "Status of Notifications of Computer Viruses and Unauthorized Access" report released by the Information-technology Promotion Agency, Japan (IPA) in February 2021, the largest percentage of damage from unauthorized access reported in 2020 was to web servers (26.7%), followed by client PCs (13.1%). For many of us, the memories are still fresh of companies using cloud services, such as Rakuten, PayPay, Aeon, ANA, etc., that have fallen victim to unauthorized access since December 2020.
Let's take a look at the security measures implemented by Tsukaeru FileBako to protect cloud data from MITM attacks and unauthorized access by hackers as described above.
First of all, to protect your data from MITM attacks, all communications through Tsukaeru FileBako are based on SSL/TLS.
Technology that encrypts communications over the Internet, SSL/TLS prevents third parties from stealing or altering data. Websites protected by SSL/TLS have URLs that begin with "https" and are characterized by a key mark in the browser's address bar.
In SSL/TLS communication, an "SSL server certificate" is issued to guarantee that all communication between the server and the client is encrypted. By guaranteeing the website authenticity with a server certificate, MITM attacks mentioned above can be prevented.
According to a February 2020 McAfee survey of 1,000 companies in 11 countries, 91% of the cloud services used by companies did not encrypt the data they held. As the use of cloud services expands, so does the risk of unauthorized access, and FileBako is fully capable of encrypting data.
Tsukaeru FileBako runs on client terminals, but all communication is AES encrypted to ensure security. The PC platform also uses Microsoft's encryption engine to protect files.
All files are obfuscated in a renamed and expanded format so that hackers and attackers cannot find the files even if they try to break in. AES encryption is also used to encrypt data on customers’ servers, but only 256-bit keys, the highest level of encryption technology, are used to encrypt files.
The password used to log in to Tsukaeru FileBako is hashed using a salt (a random string of characters added before the password is hashed) and saved to the system.
After login, client/server communication is conducted through APIs using tokens generated by the domain administrator, and no user names or passwords are used in API communication.
As explained above, Tsukaeru FileBako has all the security measures to counter your cloud service concerns.
Files stored in the cloud can be edited and organized in a familiar way, and unlimited files and folders can be shared with other users using web links. Also, there are flexible storage options depending on the amount of data needed.
Unlimited users are available from 9,800 JPY/month (10,780 JPY/month including tax), and a 14-day free trial is available to experience how easy it is to use.
Click here for more information on Tsukaeru FileBako.
Call toll-free: 0120-961-166
Office hours: 10:00-17:00