Evaluating the Security of Sliced Data Storage in the Cloud
Can you trust your company's data to remain secure when it's sliced and dispersed to a storage cloud running on unknown hardware? The answer may surprise you.
Storage slicing is an innovative storage technology offered by companies including Symform and Cleversafe. The technology works by breaking chunks of data up into multiple slices, encrypting them, adding extra bits for redundancy (in a similar fashion to RAID), and then distributing the slices to multiple storage devices -- often in separate geographical locations. Only a proportion of the slices needs to be retrieved in order to recreate the original block of data, thus ensuring that the data remains available even if multiple storage devices fail completely.
With Cleversafe, your sliced data resides in your own private cloud, or on rented storage systems in one or more data centers. Symform's system is more unusual in that it uses the concept of storage sharing -- in which slices of your data are stored on the storage devices of multiple other Symform customers. In return, you are obligated to make a portion of your own company's unused storage capacity available to host slices of other Symform customers' data.
The advantage of the data dispersal approach is that the volume of storage space needed is usually well below what is required by traditional replication methods. For companies with large amounts of data, this can mean significant savings in storage requirements. And by distributing the slices across multiple locations, the underlying data is protected in the event of multiple storage device failures or even a disaster disabling an entire data center.
Storage slicing clearly offers benefits in terms of storage optimization and business continuity preparedness, but what about security? How can you be sure your data is well protected when it is dispersed to multiple locations? Symform's system in particular, in which your data is stored on other (unknown) organizations' storage devices, should surely set alarm bells ringing.
In fact, both companies have built comprehensive security features into their services, and while Symform and Cleversafe take different approaches, both claim to offer high levels of security for your data.
How It Works
Symform's system works by breaking your data into 64MB chunks and encrypting each chunk with strong AES 256-bit encryption using a unique key. Each encrypted chunk is divided into 64 fragments of 1MB, and 32 parity fragments are then generated and added using a RAID-style algorithm to make 96 1MB fragments. These fragments are then distributed randomly to 96 different storage nodes -- storage made available by other Symform users. The keys for the AES encryption are managed by Symform itself in a distributed database the company calls Cloud Control.
If your organization has experience with encryption key management, then there is no reason why you can't also pre-encrypt your data using any algorithm you choose, before the data enters the Symform system. This can offer an additional layer of protection, but if you lose the key then your data will be permanently lost.
To put the security of Symform's system in perspective, let's imagine that your company stored its data unencrypted in a single data center. A hacker managing to infiltrate the data center in this situation could easily get access to your data. You could add a level of security by encrypting your data -- but if you stored the key in the same data center and the hacker accessed the key, then he would also be able to access the data.
Using Symform's approach, even if hackers were to infiltrate Cloud Control and access the keys for every block of encrypted data, they would encounter an additional barrier: to access the data they would need to retrieve 64 fragments of a given block from 64 different unknown locations. Even if this were achievable and the original data block reassembled, this might still not be enough if the data has been pre-encrypted by the customer.
A more likely scenario is that a hacker might gain access to one of the data fragments stored on a Symform customer's storage device. But the fragment by itself is useless: it contains what appears to be random data, and it has just one sixty-fourth of the information needed to reconstitute a block of the original data, which would anyway be encrypted at least once, and possibly twice.
Cleversafe's approach to data security is slightly different. Cleversafe uses a variable level of redundancy that you select. For example, you could choose to have your data split into sixteen slices, with only ten needed to reassemble the original data. When a file enters the system, an integrity check value is added to it and it is then encrypted with AES, using a random 256-bit key. A hash of the data plus the key is then added to the encrypted data to create a data package, which is then divided into sixteen slices. These slices are distributed and stored on separate storage devices at the same or separate locations. To reassemble the package, it is necessary to retrieve at least ten slices; once this has been done, the package can be decrypted using the key that is reassembled along with the rest of it.
As additional security measures, all traffic between a client machine and a storage device is protected using Transport Layer Security (TLS), and each storage device uses digital certificates to prevent "rogue storage nodes" from being added to the system.
With Cleversafe's system there is no central key repository that could be compromised, because fragments of each key are distributed with each slice, and the key can only be reassembled by retrieving a threshold number of slices. This can only be done using Cleversafe Accesser software, or client software and an Accesser hardware appliance, after authenticating to the system. Anyone accessing individual data slices on any storage device would only see apparently random data, with no clue as to where the other slices are located. And without the other slices, it is not possible to reassemble the key.
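The package-then-disperse design described for Cleversafe in the preceding paragraphs (and, with k=64 of n=96, the fragment layout Symform uses) as an added Python example; this is not either company's code. It assumes the "hash of the data plus the key" is the package transform in which the key is XORed with a SHA-256 hash of the ciphertext and appended to it, uses a SHA-256 counter-mode keystream as a stand-in for AES, and implements the dispersal as a Vandermonde Reed-Solomon code over a prime field, so any k of the n slices rebuild the package while fewer cannot recover a single byte of it, key included.

```python
import hashlib, secrets

P, SYM = (1 << 127) - 1, 15  # dispersal arithmetic is in GF(P); 15 package bytes per element, stored as 16

def _keystream(key, n):  # stand-in for AES-CTR built from SHA-256 in counter mode (example only, not AES)
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def package(data):
    """Append an integrity hash, encrypt under a fresh 256-bit key, append key XOR hash(ciphertext)."""
    key = secrets.token_bytes(32)
    plain = data + hashlib.sha256(data).digest()
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, len(plain))))
    return ct + bytes(a ^ b for a, b in zip(key, hashlib.sha256(ct).digest()))

def unpackage(pkg):
    """Unmask the key from the package itself, decrypt, verify the hash; None if the check fails."""
    ct, masked = pkg[:-32], pkg[-32:]
    key = bytes(a ^ b for a, b in zip(masked, hashlib.sha256(ct).digest()))
    plain = bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))
    return plain[:-32] if hashlib.sha256(plain[:-32]).digest() == plain[-32:] else None

def disperse(pkg, k, n):
    """Reed-Solomon style IDA: slice x stores every k-coefficient polynomial evaluated at x."""
    buf = len(pkg).to_bytes(4, "big") + pkg
    buf += b"\0" * (-len(buf) % (SYM * k))
    syms = [int.from_bytes(buf[i:i + SYM], "big") for i in range(0, len(buf), SYM)]
    groups = [syms[g:g + k] for g in range(0, len(syms), k)]
    return [(x, b"".join((sum(c * pow(x, j, P) for j, c in enumerate(grp)) % P).to_bytes(16, "big")
                        for grp in groups)) for x in range(1, n + 1)]

def reassemble(slices, k):
    """Invert the k x k Vandermonde matrix of the chosen slice indices (Gauss-Jordan mod P)."""
    xs = [x for x, _ in slices[:k]]
    cols = [[int.from_bytes(s[i:i + 16], "big") for i in range(0, len(s), 16)] for _, s in slices[:k]]
    m = [[pow(x, j, P) for j in range(k)] + [int(r == c) for c in range(k)] for r, x in enumerate(xs)]
    for c in range(k):
        piv = next(r for r in range(c, k) if m[r][c])
        m[c], m[piv] = m[piv], m[c]
        inv = pow(m[c][c], -1, P)
        m[c] = [v * inv % P for v in m[c]]
        for r in range(k):
            if r != c:
                m[r] = [(a - m[r][c] * b) % P for a, b in zip(m[r], m[c])]
    out = b"".join((sum(a * y for a, y in zip(row[k:], [col[g] for col in cols])) % P).to_bytes(SYM, "big")
                   for g in range(len(cols[0])) for row in m)   # row[k:] is a row of the inverse
    return out[4:4 + int.from_bytes(out[:4], "big")]
```

Because the key is masked with a hash of the whole ciphertext, a node holding fewer than k slices cannot compute that hash and so cannot unmask the key, which is the property the article attributes to the absence of a central key repository.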
Clearly, as the owner of the data you need to be able to access it whenever you need to -- and with the correct authorization credentials to use either Symform's or Cleversafe's systems you can reassemble your data from distributed slices. A hacker with those same credentials could reassemble it too. But what is also clear is that an unauthorized user faces an insurmountable challenge in trying to steal your data by accessing the distributed storage devices themselves.
The bottom line: Barring the discovery of any new or previously unknown security vulnerabilities in either system, both can be considered highly secure.
Paul Rubens has been covering IT security for over 20 years. In that time he has written for leading UK and international publications including The Economist, The Times, Financial Times, the BBC, Computing and ServerWatch.