Data stored without encryption is always at risk, as IT security specialist Ami Luttwak of security company Wiz found out when they discovered the vulnerability in the Microsoft Azure infrastructure that enabled them to access, modify and delete the data of thousands of Azure customers. The vulnerability was described as ‘the worst cloud vulnerability you can imagine’, and the security company found they could get access to any customer database that they wanted.
This vulnerability is proof that data stored in the cloud should be protected with end-to-end encryption at all times. Because the warning concerns cloud storage, it has real applicability to the core principles of our FALKOR platform development. FALKOR’s core principles ensure that data can be stored on the cloud with peace of mind – in a non-complex way.
FALKOR is a cloud-first platform. Why? It can take advantage of cloud object storage and deployment services that create economies of scale for our clients, whilst increasing the control, visibility, and sharing capacity of data.
The usage of cloud object storage, and the type of datasets involved in our use cases, make encryption and decryption processes major principles in the development of the platform.
Our solution uses a combination of symmetric, asymmetric, and threshold encryption in order to protect and maintain the integrity of data when it’s written to, and read from, the platform.
Our permission data structures that are validated and stored on the blockchain also play a part in this processing. This provides a layer for data to be transacted through, before it's moved to and from the cloud storage.
Both cloud storage and the encryption / decryption processes can operate and integrate with the blockchain as part of the overall platform capability.
This is important as the blockchain transacts and stores a validated state and history of the data, whilst the data can be put through the encryption and stored in cloud storage.
The validated state held by the blockchain ensures the integrity of the data, tracks the versions and links between data, the permissions around the data, and enforces policies on whether the data can be written to, or read from the platform before any other encryption / decryption or cloud storage is called on. So, the combination of these components can prevent the kind of risks raised by this article about Microsoft Azure.
The three main actions that the security experts at Wiz were able to achieve were to access, modify and delete data. The combination of the platform principles we mention above would have helped to prevent this.
Data cannot be accessed or decrypted from cloud storage unless it’s verified that the validated state of permissions held on the blockchain around the data ‘checks out’. The data itself is encrypted before it’s stored, and the platform won't begin any decryption processing until there is a valid read request.
Modifications of data can’t happen unless there’s a valid update request made to the platform. The user making the request will need to exist as a “writer” within the validated state of permissions on the blockchain. Each update to data will be tracked as a new transaction on the blockchain, and therefore form part of the immutable history of that data.
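The read and update gates described in the two paragraphs above, as an added sketch that is not FALKOR's code: a hash-chained list stands in for the blockchain, a dict stands in for cloud storage, and the ciphertext is opaque bytes produced elsewhere. The "reader" role name, the transaction fields and all function names are assumptions.

```python
import hashlib, json

GENESIS = "0" * 64

def _link(prev, tx):
    # A block hash commits to the previous hash and the transaction body.
    return hashlib.sha256((prev + json.dumps(tx, sort_keys=True)).encode()).hexdigest()

def append(chain, tx):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "tx": tx, "hash": _link(prev, tx)})

def chain_ok(chain):
    # Recompute every link; an edited or reordered transaction breaks the chain.
    prevs = [GENESIS] + [b["hash"] for b in chain]
    return all(b["prev"] == p and b["hash"] == _link(p, b["tx"]) for b, p in zip(chain, prevs))

def state(chain, obj):
    # Replay history: roles per user and the digest of the latest ciphertext.
    roles, digest = {}, None
    for tx in (b["tx"] for b in chain if b["tx"]["object"] == obj):
        if tx["type"] == "grant":
            roles.setdefault(tx["user"], set()).add(tx["role"])
        else:
            digest = tx["sha256"]
    return roles, digest

def authorize(chain, user, obj, role):
    roles, digest = state(chain, obj)
    if not chain_ok(chain) or role not in roles.get(user, set()):
        raise PermissionError(f"{user} is not a {role} of {obj}")
    return digest

def write(chain, bucket, user, obj, ciphertext):
    authorize(chain, user, obj, "writer")
    digest = hashlib.sha256(ciphertext).hexdigest()
    append(chain, {"type": "update", "object": obj, "user": user, "sha256": digest})
    bucket[obj] = ciphertext  # bucket stands in for cloud object storage

def read(chain, bucket, user, obj):
    digest = authorize(chain, user, obj, "reader")
    if hashlib.sha256(bucket[obj]).hexdigest() != digest:
        raise ValueError("stored object does not match the ledger")
    return bucket[obj]  # decryption would begin only after this point

def demo():
    chain, bucket = [], {}  # constructed sample: users, object id and bytes are made up
    for user, role in (("alice", "writer"), ("bob", "reader")):
        append(chain, {"type": "grant", "object": "doc1", "user": user, "role": role})
    write(chain, bucket, "alice", "doc1", b"<ciphertext v1>")
    return chain, bucket
```

Because the ledger records a SHA-256 digest of each stored ciphertext, an object changed directly in the bucket fails the check in `read` even when the caller holds the right role.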
If a secure DLT solution like FALKOR is something you’ve been exploring for your business, do get in contact with us below. We’re always happy to chat.