Safe and Easy in the Cloud – Tresorit
With recent scandals around Apple’s iCloud services being hacked, the question arises: Are cloud services truly safe enough to store personal or even business-related data? And even if they are safe from outside attacks, what stops the provider to take advantage of the data stored on their servers? Tresorit, a Hungary-based startup company claims to have the safest solution yet, powered by user-side encryption processes.
So how is it different from any other mainstream cloud service out there?
While using the same level of safety as Dropbox regarding storage and transfer of files (AES-256 bit encryption, SSL/TLS transfer), Tresorit claims that the prime issue regarding the safety of data in the cloud is actually not it being hacked by outside parties, but the inefficiency of barriers that would stop the provider peeping into data uploaded into their cloud. This breach would be made possible by the encryption process used by most big companies, namely server-side encryption which practically means that the encryption key is to be found somewhere at the provider’s side. Of course, this could be quite easily mitigated by the user, through encrypting the uploaded files themselves. But as cloud storage is mainly used for collaboration, it would be quite a hassle.
Thus Tresorit has introduced an integrated system for encrypting files on the user’s computer, enabling them to effectively control who can decrypt and access the content. As both encryption and decryption are done on the client’s side, the company claims that not even they can see the content of uploaded files. Further key selling points of Tresorit are that one can practically share any folder on the computer (as opposed to the single folder of Dropbox), and also set unique permitted access levels to shared files and folders.
The creators of Tresorit are quite confident in the safety of their product. Actually so much, that they offer USD 50,000 for anyone who can hack into their system. Their confidence seems well-based, as for the 468 days the challenge has been open, none of 900 hackers (including MIT and Stanford) has managed to take the prize.
So what do You think? Do you generally trust the safety of the cloud? Or would you feel safer using a solution like Tresorit?