Welcome!

Cloud Security Authors: Elizabeth White, Rishi Bhargava, Liz McMillan, Pat Romanski, Shelly Palmer

Related Topics: @CloudExpo, Cloud Security

@CloudExpo: News Item

Trusting Data in the Cloud Is About Losing a Key

The online storage and collaboration market has been hot

The online storage and collaboration market has been hot, with early market entrants Dropbox, Box.net and YouSendIt appearing to have taken the initial lead in providing individuals and businesses with the ability to easily store, share, and send large files between multiple parties.

In the spirit of secure collaboration, at this year's RSA event, Ftopia and GuardTime announced a partnership that hopes to shake up the market a bit by raising even higher the pressing question of one's ability to trust their precious data in the cloud. To answer this question, the Ftopia service is designed to allow businesses to securely collaborate by sharing their files anywhere they want over the Internet without having to rely on trust. Rather, they provide the service with built-in data integrity features that utilize mathematics as its form of proof.

Ftopia does cloud-based data collaboration and storage, and together with GuardTime, a cloud security company, signed a deal to offer the market a provably secure collaboration and storage service. Ftopia uses GuardTime's keyless signature technology to digitally sign the clients' data as it is stored in Ftopia rooms.

As described in the public announcement, GuardTime's Keyless Signature technology provides proof of signing authority, time of the signature, and lifelong integrity for data stored in the cloud and in transit between business collaborators. The signature never expires and its verification is based solely on mathematics, eliminating the need for secrets or keys and the unwieldy management associated with traditional PKI technologies that fail in the cloud.

During an interview with Ftopia CEO Philippe Honigman, I was able to ask him what prompted the creation of the partnership and his new release. "As more information moves to the cloud as the primary place of storage, concerns about trust and security are growing as well," he said. "Traditional, defensive security measures, such as intrusion detection, intrusion prevention, strict network access control policies, or even the tried and true anti-malware technologies, are not enough anymore. Business customers are more likely to entrust their information to a third party when they know for certain - more specifically, when they can prove - that their data has not been altered in any way."

After a quick run-through of the capabilities with Honigman, the workflow appears to remain simple and seemingly unchanged. There is no additional action for the users to take on either end of the file sharing transaction. Each file gets its own signature. The signature is a small file that is automatically created and saved alongside the signed file. If the user wants proof that the file in question has not changed since the exact point in time that it was uploaded, they simply collect the file and its signature and use the verification tool provided by GuardTime to perform the comparison. If the signature can be verified, the file is guaranteed to be the same exact file and can be confirmed that it is that exact file from the exact point in time for which it was signed. If the signature cannot be verified, then the file cannot be guaranteed to be the same.

"The solution is both simple and powerful," said Honigman. "On the surface, it would appear that all that GuardTime is providing us is the ability to timestamp or simply sign a file. But, because the signature is keyless, meaning nobody is forced to manage any keys or keep any secrets, the client can get undeniable proof that the file has not been tampered with, not even by Ftopia."

GuardTime CEO Mike Gault says, "We solved the problem of trust by removing the reliance on keys or secrets to prove that the data remains intact. This is accomplished through a series of concatenated SHA-256 hashes for each file that are used to create and destroy a Merkle tree of hashes every second since the beginning of Unix time, 1970."

According to Guardtime, the resulting root hash, referred to by the company as the "Integrity Code", is published monthly in publications such as the Financial Times. To verify the integrity of the data, all one needs is the published Integrity Code, the original file, and its corresponding signature file. With these three pieces, any organization can use the tools provided or, if they are really paranoid, they could do the reverse hash function mathematics to prove that the file remains intact. In short, GuardTime claims that there is no need to rely on any tool, or any third party to gain proof.

It will be interesting to keep an eye on Ftopia to see how their clients use this feature. It seems that the value becomes painfully apparent when an organization is required by law or regulation to provide proof that their data has remained intact - especially if their own integrity was being questioned. Hopefully this is not the case for most organizations. Which company would want to get all twisted up in court because they couldn't prove they weren't involved in a coverup? I feel safe going out on a limb to say none of them.

More Stories By Victor Cruz

Victor Cruz is a writer whose articles have appeared in American Venture, Cloud Computing Journal, CommPro.biz, CSO Magazine, Communications News, Computer Technology Review, eSecurity Planet, Harvard Review, Medical Design Technology, and WebSecurity Journal. He has advised some 50 IT companies in the past 20 years on their marketing strategies. You can reach him at vcruz[at]mediapr.net

@ThingsExpo Stories
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, explained how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
In today's uber-connected, consumer-centric, cloud-enabled, insights-driven, multi-device, global world, the focus of solutions has shifted from the product that is sold to the person who is buying the product or service. Enterprises have rebranded their business around the consumers of their products. The buyer is the person and the focus is not on the offering. The person is connected through multiple devices, wearables, at home, on the road, and in multiple locations, sometimes simultaneously...
“delaPlex Software provides software outsourcing services. We have a hybrid model where we have onshore developers and project managers that we can place anywhere in the U.S. or in Europe,” explained Manish Sachdeva, CEO at delaPlex Software, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
From wearable activity trackers to fantasy e-sports, data and technology are transforming the way athletes train for the game and fans engage with their teams. In his session at @ThingsExpo, will present key data findings from leading sports organizations San Francisco 49ers, Orlando Magic NBA team. By utilizing data analytics these sports orgs have recognized new revenue streams, doubled its fan base and streamlined costs at its stadiums. John Paul is the CEO and Founder of VenueNext. Prior ...
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
With 15% of enterprises adopting a hybrid IT strategy, you need to set a plan to integrate hybrid cloud throughout your infrastructure. In his session at 18th Cloud Expo, Steven Dreher, Director of Solutions Architecture at Green House Data, discussed how to plan for shifting resource requirements, overcome challenges, and implement hybrid IT alongside your existing data center assets. Highlights included anticipating workload, cost and resource calculations, integrating services on both sides...
Big Data engines are powering a lot of service businesses right now. Data is collected from users from wearable technologies, web behaviors, purchase behavior as well as several arbitrary data points we’d never think of. The demand for faster and bigger engines to crunch and serve up the data to services is growing exponentially. You see a LOT of correlation between “Cloud” and “Big Data” but on Big Data and “Hybrid,” where hybrid hosting is the sanest approach to the Big Data Infrastructure pro...
"We are a well-established player in the application life cycle management market and we also have a very strong version control product," stated Flint Brenton, CEO of CollabNet,, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
We all know the latest numbers: Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from last year, and will reach 20.8 billion by 2020. We're rapidly approaching a data production of 40 zettabytes a day – more than we can every physically store, and exabytes and yottabytes are just around the corner. For many that’s a good sign, as data has been proven to equal money – IF it’s ingested, integrated, and analyzed fast enough. Without real-ti...
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
Unless your company can spend a lot of money on new technology, re-engineering your environment and hiring a comprehensive cybersecurity team, you will most likely move to the cloud or seek external service partnerships. In his session at 18th Cloud Expo, Darren Guccione, CEO of Keeper Security, revealed what you need to know when it comes to encryption in the cloud.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
You think you know what’s in your data. But do you? Most organizations are now aware of the business intelligence represented by their data. Data science stands to take this to a level you never thought of – literally. The techniques of data science, when used with the capabilities of Big Data technologies, can make connections you had not yet imagined, helping you discover new insights and ask new questions of your data. In his session at @ThingsExpo, Sarbjit Sarkaria, data science team lead ...