pCloud: Why Zero-Knowledge cloud storage security matters

Zero-knowledge is an alternative name for private, end-to-end encryption. Here’s why this could be crucial for your business.

We live in the data era. The amount of personal data we accumulate on a daily basis – the pictures and videos we take, the email and instant messaging communications we send, and yes, even the occasional written document – is growing exponentially.

90% of the world’s data was created in the last two years.

And what do we do with all this data? We store it. It used to be in external hard-drives at first, and has since moved to the cloud. All the prefixes of the byte – giga, mega, tera – practically lost their meanings, and now just represent single dollars we pay monthly for cloud storage.

The decision we need to make now is simply with what company should we store our data.

Data security should also interest individuals

Since we are so ‘used’ to Google and Apple in our lives, how they sync our photos directly from our phones to the cloud, for example, we may risk not considering the security of our data. The assumption is that such mega-companies must have the most secure protocols for our data, with “end-to-end encryption”. Well, they do and they don’t.

While both companies are masters in securing on-device data, when it comes to their cloud storage things get a bit more hazy.

Remember when Apple refused (or claimed it couldn’t) help the FBI unlock an iPhone? The aftereffect of this public dispute was that Apple backed away from plans to encrypt backup data on iCloud.

But the more crucial point is clearly explained by a quote from Tim Cook, Apple’s CEO, about iCloud storage: “Our users have a key and we have one.” In this quote Cook refers to the encryption key, the string of code that is used to decrypt data stored in encrypted form.

If you have the encryption key, you have access – and control – over the data. What Cook is saying is that you, the data owner, isn’t the only one that can access and view your data. Your cloud provider, whether Apple or Google, has visibility and access to your data due to the fact that they hold a copy of the encryption key.

If your cloud storage provider has access to your data, by proxy, so do malicious attackers.

So if they get hacked, and encryption keys are obtained by the attackers, then your data is exposed. It has happened in the past, and will happen again in the future.

The point is Apple and Google aren’t after your data. But if they have access to your data by holding a copy of your encryption key, this access can be compromised. Now if you’re thinking, of course they have access how can they not, my data is on their servers, well, say hello to Zero-Knowledge.

What is Zero-Knowledge

Zero-Knowledge means that the service provider, whether cloud storage or any other service, doesn’t have visibility or access to your data. Your data is kept encrypted, and you are the only one that has the encryption key. The encryption key, the only key, is saved on your device – not in the cloud.

This way, even the service provider cannot “see” your data – it has zero knowledge of your data.

This concept of complete security has been quite prevalent for a few years now in the cybersecurity and data security circles. It’s a common practice in the business sector, and companies large and small require no less for their data. The understanding that by-proxy access to data is a vulnerability – malicious attackers can obtain access via the cloud or service provider – led to making Zero-Knowledge security, or Zero-Knowledge encryption basically a standard in the business world.

pCloud: Zero-Knowledge to personal users

It was only a matter of time before a company would offer the same level of security and data protection to personal users. This company is pCloud, a global cloud storage provider with close to 10 million users worldwide. pCloud simply levelled the playing field for personal users, offering the same Zero-Knowledge security that is available in the business sector.

pCloud encrypts your data on your device and uploads the encrypted version to their servers. The source files remain on your device, as well as the encryption keys, so there is no way your data can be viewed or accessed by anyone, not even pCloud. By preventing their own access to data, pCloud applies the Zero-Knowledge security model to personal users.

For the more technical readers, pCloud uses industry-standard 4069-bit RSA encryption for users’ private keys, and 256-bit AES encryption for per-file and per-folder keys.

Not all your data requires that level of security, and you are able to select what data you want to be encrypted and what data can be stored in a plain form on pCloud’s servers.pCloud is the first cloud storage provider to offer both encrypted and non-encrypted folders in the same account.

This is a valuable offering since encrypted files cannot be ‘worked on’ in any way while in their encrypted form; videos cannot be played, images cannot be viewed, documents cannot be edited or shared.

Additional layer of protection

pCloud is now taking a further step in its offering by allowing users to choose whether they want to store their data in pCloud’s U.S-based data center or EU-based data center. This is another offering usually reserved for the business sector that pCloud is making available to personal users. And it matters, for a few reasons.

First, EU storage for EU users improves privacy and data security due to GDPR regulations. As the strictest set of privacy regulations, GDPR ensures the highest level of protection to personal and business data stored on the cloud.

Additionally, local storage for EU users ensures faster connectivity and lower costs. So for EU users, going with pCloud EU data centers is a no-brainer.

The interesting point is though, that also US-based users should consider storing their data in the EU. Though it may sound counter-intuitive – why would I want to store my data on the other side of the world? But there are some advantages.

First, even US residents will be able to enjoy enhanced levels of data protection and privacy that comes from the GDPR regulation. Second, they can ‘escape’ the long hand of the Patriot Act.

It might sound far fetched, but the Patriot Act forces companies to comply with demand by the US federal government to disclose any data they hold on US soil.

If your data is stored in the EU it cannot be obtained under the Patriot Act. For individuals who are more concerned about the privacy of their data, this is an opportunity for further protection.

Companies like pCloud are allowing personal users the same technological benefits that are widely available for businesses. pCloud’s combined offering of Zero-Knowledge security and the ability to choose whether to store data in the US or the EU is setting new standards for personal cloud storage. The technology is there, it’s just a matter of knowing when to use it.

Share this story

Close
Menu
Send this to a friend