

Question

You work as the Chief Information Security Officer at Dropbox.com, the cloud-based file storage service (Software as a Service, SaaS). As part of your 5-year plan, you are asked to make a recommendation about the type of encryption your systems should implement. Make a recommendation for type of encryption and explain your reasoning in terms of the CIA triad.

CIA

Confidentiality:

Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.

Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

Integrity:

Data integrity: Assures that information and programs are changed only in a specified and authorized manner.

System integrity: Assures that a system performs its intended function in

Availability:

Assures that systems work promptly and service is not denied to authorized users.

Explanation / Answer

Ans:

The Advanced Encryption Standard (AES) 256-bit key encryption that is used by Dropbox to encrypt the files you store with the service does not offer enough security. Isn’t AES 256-bit key encryption the industry standard for electronic data? It is correct in that it is the standard; however, the U.S. National Institute of Standards and Technology (NIST) established the AES back in 2001 before cloud applications were prevalent.

The reason why AES 256-bit encryption is inadequate lies in the management of the encryption keys. Without getting too technical, Dropbox encrypts your files using AES 256-bit key encryption but they retain the ability to decrypt the files. Therein lies the problem. In the days before the cloud you encrypted your files, but only you had access to the encryption keys to decrypt them. Now Dropbox controls those encryption keys. Any time there is a data breach, which seems to be often, your files are accessible because the hackers have everything they need to view your files. This same encryption key management structure is also why government entities can access your data in the cloud under subpoena.

So how can you store files in the cloud in a more secure way? Use third-party FIPS 140-2 validated encryption software.

Federal Information Processing Standards (FIPS 140-2) validated encryption software truly offers the highest level of security in the cloud storage sector namely by putting the encryption keys solely in control of the consumer. But Dropbox isn’t FIPS 140-2 validated. “Why not,” we asked? We found that the Cryptographic Module Validation Program (CMVP) is experiencing a bottleneck due to limited resources at the National Institute of Standards and Technology (NIST). From document preparation to algorithm verification the process can take up to a year before the service/product is validated. BUT if Dropbox was truly invested in the security of your files, they should have been working on FIPS 140-2 validation years ago! Luckily there are third-party applications that are FIPS 140-2 validated to help you encrypt your files.

Not all FIPS software is the same.

Be aware that there is a difference between “FIPS Certified” products and “FIPS Validated” products. Some companies bypass the long validation process by slapping on a “FIPS Certified” tag. This means that the product or services have some features that were validated but others that weren’t. Using validated third-party encryption services not only assures that you have the highest level of protection available but also allows you to control your encryption keys. Protect yourself from unwanted privacy violations or any security breach by using a FIPS 140-2 validated application, which encrypts your files prior to uploading them to the cloud. We hear just about every few months that a public cloud storage has been breached, and let’s face it, most of us can be more careful when logging in to our clouds in public places. Controlling your own encryption key helps you protect your files even if your Dropbox is compromised. If your files are stolen or saved on another drive by mistake, only you can unlock the encrypted files. Simply encrypting your files before sending them to the cloud assures absolute security.

Hitachi Solutions’s FIPS 140-2 validated encryption software, Credeon Cloud Data Protection, allows you to encrypt your files prior to sending them up to the cloud and works directly with leading cloud storage providers like Dropbox, Box, Google Drive and OneDrive. Credeon even allows you to share encrypted files with people or groups that you authorize, making sensitive file sharing as secure as possible.
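The answer's central point, encrypting a file before upload with a key that never leaves the client, is sketched below as an added example; it is not code from the original answer, Dropbox or Credeon. It uses AES-256-GCM from Go's standard library (not a FIPS 140-2 validated module), and the `Vault` type, its method names and the sample file contents are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Vault is a hypothetical client-side helper (illustration only).
type Vault struct{ aead cipher.AEAD }

// NewVault wraps a 256-bit key that is created and kept on the client only.
func NewVault(key []byte) (*Vault, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte key, got %d bytes", len(key))
	}
	block, _ := aes.NewCipher(key) // cannot fail: key length checked above
	aead, err := cipher.NewGCM(block)
	return &Vault{aead: aead}, err
}

// Seal returns nonce||ciphertext||tag, the only bytes the provider receives.
func (v *Vault) Seal(plaintext []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open decrypts a downloaded blob; a wrong key or any changed byte is an error.
func (v *Vault) Open(blob []byte) ([]byte, error) {
	n := v.aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob shorter than the %d-byte nonce", n)
	}
	return v.aead.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	key := make([]byte, 32) // generated on the client, never uploaded
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	v, _ := NewVault(key)
	blob, _ := v.Seal([]byte("constructed sample file contents"))
	_, err := v.Open(append(blob, 0)) // blob altered while in storage
	fmt.Println("altered blob rejected:", err != nil)
}
```

In CIA terms, the provider holding only the sealed blob covers confidentiality and the GCM tag covers integrity; the cost falls on availability, because a lost client key makes the stored files unrecoverable.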
