Fresh off its initial public offering, cloud file synch, share and storage company Box has a new Enterprise Key Management (EKM) offering out this week that analysts say could ease customer concerns with using a cloud-based service.

Box’s EKM uses Amazon Web Services’ Hardware Security Module (HSM), a device that sits on customers’ premises to hold keys to encrypted data. Previously, customers relied on Box to encrypt their data and Box held the keys; now, customers get to hold the keys on their own premises.

“Yes this is significant news,” says Adrian Sanabria, a security analyst at 451 Research Group. “I’d say that client-side encryption has been a major obstacle to increased cloud/EFSS (Enterprise File Synch and Share) adoption.”

Box launched the beta of the program after developing it for more than three years, CEO Aaron Levie wrote in a blog post. Interested customers will deploy AWS’s HSM; once the hardware is installed on customers’ premises, then any data that is sent to Box will be encrypted and Box will send the keys to decrypt the data to the customer for storage in the HSM. The HSM comes with unchangeable audit logs, allowing customers to keep track of exactly when the keys are used.

Sanabria says that, in the absence of vendors like Box and Dropbox giving customers the opportunity to hold their own encryption keys, a market of third-party vendors has sprouted up to provide these services. Box coming out with its own answer could siphon off some of that market, which includes companies like nCrypted Cloud, SafeMonk, Sookasa, PKWARE’s Viivo and others, he says.

But EKM will not be cheap. Box didn’t announce specific pricing details yet, but AWS’s HSM starts at about $5,000 (€4,375) with monthly payments of around $1,300 (€1,137), Sanabria notes. That will relegate Box’s EKM to its largest customers; Sanabria estimates those who spend more than $30,000 (€26,247) monthly will likely be most interested in this service.

It also may not satisfy the most security-conscious customers. While Sanabria says EKM greatly reduces the chances of a data leak when using Box, it does not eliminate it. If Box were to be compromised, a hacker could theoretically access customer data before Box sends the encryption keys to the customer’s HSM. A rogue employee at Box is an omnipresent threat. EKM is also a Box-specific solution; customers may prefer a service that can manage keys across multiple vendors.

451 encryption analyst Garrett Bekker reckons these reasons will keep a market of third-party security vendors alive for the most security-sensitive customers. For Box customers who want some protection but do not need a Cadillac, it could be attractive.

Box competitors are quick to poke holes in the offering as well. Intralinks, which also has its own cloud-based enterprise collaboration offering, provides customers a key holder device directly. Customers who use Box’s EKM partner with Amazon, who in turn partners with another company named SafeNet. Suddenly a key management solution from Box gives customers two new vendors. “For something as important as the keys used to encrypt a customer’s data, that seems like two extra steps that, again, add risk and vulnerability,” Todd Partridge, director of Strategy, Intralinks, said in a statement.

Obviously, the Verizon/NSA situation was merely a small view into just how much spying the NSA is doing on everyone. And it seems to be spurring further leaks and disclosures. The latest, from the Washington Post, is that the NSA has direct data mining capabilities into the data held by nine of the biggest internet/tech companies:

The technology companies, which participate knowingly in PRISM operations, include most of the dominant global players of Silicon Valley. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

Dropbox, the cloud storage and synchronization service, is described as “coming soon.”

This program, like the constant surveillance of phone records, began in 2007, though other programs predated it. They claim that they’re not collecting all data, but it’s not clear that makes a real difference:

The PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal at Fort Meade key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by the Post instruct new analysts to submit accidentally collected U.S.