According to Fraunhofer Institute for Secure Information Technology, the security of cloud storage services is often inadequate. Their study (available here) evaluates a number of “leading” cloud storage providers and finds them lacking for several reasons, but most importantly the failure to encrypt data on the client side (pre-transfer).

We first learned about it from the Storage Newsletter’s coverage of the study, but were intrigued because ElephantDrive actually does default to this model (i.e. at some trade off, our software runs encryption on the client so that the user files are transfered, stored, and retrieved fully encrypted).

Is this feature critical? That is, we know the security experts endorse it, but given the trade off (more time, more client side processing, need for an applet for web download), is it worth it? Your thoughts are welcome…

Categories: General