Security and privacy in the cloud: What’s the difference ?
Security and privacy. We hear these two terms all the time. Have you ever wondered what's the difference between the two, and what the big deal is about them? At Hive, security and privacy are the very foundations upon which we are building our products, processes and policies.
Security. In the real world, that’s keeping you safe against dangers. Your front door is locked. Your windows are locked. Your car alarm is on. In the digital world, we rely on firewalls, antiviruses, passwords, biometrics, … to prevent hackers from gaining access to your data and devices.
Privacy. In the real world, that’s having blinds that you can pull across your windows so people can’t see inside your home. In the digital world, that’s making sure that you control who has access to your sensitive data, like your name, bank details, address, etc… Encryption is the most common technique to ensure privacy, hiding all the information from non authorized people, but there are others, such as data anonymization, which consists in removing all personally identifiable information (PII) from data sets. In the context of medical data, it enables researchers to perform some research on the data while preserving the patient’s… privacy.
Privacy usually is identified as the user’s ability to maintain control over their data, and stopping it from falling into the wrong hands, may that be through a breach, leak, or cyber attack.
Security and privacy are generally mixed together, but a security breach and a privacy breach may have different impacts. Let’s consider the example the security and privacy of your data in your bank :
- Privacy and security are good. The bank needs some of your private information to open your account. They safeguard this data, and no else has access to it apart from the bank.
- Security is good, but your privacy is compromised. The bank is sharing your data, or even selling it to 3rd parties, such as marketing companies. This may have even been in the contract you signed with the bank. Unfortunately, your data is now no longer private, even though it’s been kept secure.
- Security is poor, and your privacy is compromised. The bank was targeted and hacked. Criminals accessed the bank’s database, and a data breach occurred. Your information is now published & sold on the dark web. You can now easily be the victim of cyber fraud and identity theft.
Today, a lot of platforms and services on the Internet tout high levels of security rather convincingly, and make it sound like they are private. Unfortunately, that is not the case, and though they offer high levels of cloud data security, they do not offer high levels of cloud data privacy. This is because generally, even if the data encryption is in transit, or at rest, or even both, it’s done with keys that the service provider has access to, and therefore they could decrypt your data at any time. For example, when you store a file on several cloud platforms, although it’s highly encrypted, companies can and do regularly scan the contents of these files - without notifying the person that their files were scanned. This is a good example of high cloud security, but poor cloud privacy.
Hive: Peer-to-peer network
At Hive, we believe that with our peer-to-peer (P2P) network and technology, we can provide even stronger security and privacy services to users around the world.
By virtue of taking each individual file that users store with hiveDisk and breaking them up into tiny chunks and encrypting each chunk with a different key we have a more secure, durable and reliable service than any centralized cloud offering in the market.
Since these chunks are stored on different machines, no one ever gets the entirety of your file in one place, and nobody other than the data owner has means to know where the file is stored, to recompose and decrypt it. Even Hive cannot decrypt the data.
The security of a machine in Hivenet may very well be compromised. Given the number of machines in hivenet, it is very likely to happen. But contrary to a centralized system, such a security breach will have no consequence for the owner of the data: the hacker of a machine in in Hivenet will not be able to know where the other chunks of the file are stored, how these are encrypted, and will thus not be able to damage the file. He will be unable to access, read, compromise or delete the file. The power of our distributed peer to peer cloud is then such that even if the security of some of our users' machines is compromised, the privacy of our users and the overall security of our solution is maintained, which would not have been the case for centralized systems.
At Hive, we believe that distributed cloud is the most effective way to help us embrace the digital transformation of our lives but it can only happen in a world where safety and confidentiality of our data is paramount.