How to get secure data access for remote files

Being a few weeks into this new “remote lifestyle,” many organizations are still scrambling to give everyone access to their data, often there is no real thought about the cybersecurity implications. Now is the time to make sure that all those files accessed remotely are safe and secure.

Do you know how to check if your data is secure?

One of our core pillars is security. Why? Because if you don’t have secure data, what do you have? Although it pains me to write this, we have hackers everywhere trying to access everyone’s data. As if the hospitality industry hasn’t suffered enough, poor Marriott was hacked, and more than 5 million guest’s records stolen.

In 2019, Synopsys and SAE International, released a report, based on 593 responses from IT security practitioners and engineers, suppliers, and service providers in the automotive industry. They found that 84% of those polled have concerns that their organizations’ “cyber-security practices” are not keeping pace with evolving technologies.

And according to a recent article in Security Boulevard on the media and entertainment industry, cloud security management is one of the top five technologies that will impact the user experience. As more media houses migrate to the cloud in the public environment, critical factors like data encryption and cloud workload security will take center stage for M&E.

Even though organizations run workloads in the cloud, the level of understanding about security in the cloud remains low; in fact, it is often an afterthought in cloud deployments. Security solutions need to expand to new, adaptable, cloud-native architectures that deliver scalable protection. Now more than ever, we are relying on technology for our remote workforce, which brings increased risks. It is crucial to start planning and paying attention to our security measures for our data.

What does data security mean to LucidLink — everything!

LucidLink’s “zero-knowledge” encryption model embodies this approach, where your cloud storage providers know nothing about the data the customers store and transmit on their infrastructure. To achieve that, we use a strong end-to-end, full system encryption where all data is encrypted on the customer device and remains encrypted both in transit and at rest with only the customer in possession of the encryption keys. Most importantly, neither LucidLink nor the object storage provider can “see” the data, allowing our customers to treat the entire hosting environment as a semi-trusted service. In other words, you can trust the providers to reliably store and transmit their data but not with its contents.

Not your typical server-side encryption

LucidLink’s security model is in contrast with server-side encryption typically employed by other cloud storage services, where data is encrypted at rest. With encryption at rest model, the storage providers have access to the encryption keys and therefore have full access to the content itself. To emphasize this difference, it’s worth pointing out that in LucidLink’s encryption model, there is no ‘password reset’ for a lost password; losing it leads to permanent data loss. All file synchronization solutions replicate whole data sets on each client device. LucidLink’s technology is fundamentally different as it streams only the data bits of a file on-demand and only metadata is synced across the clients. LucidLink is not in the data path, and clients access their data in the cloud directly. This eliminates any need to be concerned with locally synced cloud-based data across one or multiple devices.

AES-256 in GCM mode

Using LucidLink Filespaces, each file has its own unique encryption key to provide isolation and minimize the attack surface. We support different ciphers and transport encryption modes to offer the best tradeoff between performance and security to address each customer’s specific needs. By default, we use the strongest AES-256 in GCM mode, a form of authenticated encryption. Using authenticated encryption has the added benefit that any malicious tampering or data integrity issues such as bit rot on the server side will be immediately detected upon access. This offers a high degree of guarantee and peace of mind that any accessed data is indeed genuine. We pride ourselves on our encryption, and you can read more about LucidLink’s robust security model.

For enterprises looking to migrate business-critical workloads to the public cloud begin with security first. LucidLink Filespaces, cloud-native file service, is a one-of-its-kind system that ensures data security down to the very last byte.