Data leakage risks with cloud-based services
Fact: the risk of data leakage increases significantly when cloud storage services such as Dropbox or Box are used on mobile devices. Word documents and PDF files retrieved via these services on iOS, Windows Phone or Android devices are stored in cache, where they remain until the storage limit has been exceeded, after which they’re overwritten by new data. It is hard not to leave some sort of trace when using a mobile device, especially with cloud-based storage services, since database decryption and infiltration won't be hard to pull off.
The contributing factors to data leakage seem endless, whether it is the use of cloud storage services on mobile devices or a company's bring-your-own-device (BYOD) policy. So what can be done to mitigate such an imminent threat? Perhaps the solution is enhanced identity protection and access control on Windows Phone that protects compromised devices and completely immobilizes phishing attacks with simple, enterprise-grade protection.
Another suitable defense mechanism is one that many basic IT security solutions lack: data encryption. Data in transit is encrypted as it moves between you and the datacenter or between the server and the datacenter. To enhance data leakage prevention, the encryption technology should be applied not only to data in transit but also to data at rest.
Starting with data security at the disk level, BitLocker (a Microsoft favorite) helps manage the risk of physical disk theft from a Microsoft datacenter. Even if someone could steal a disk or server out of a datacenter, BitLocker would not allow an attacker to boot the system or harvest customer data from it.
At the file level, stored files are chunked into smaller pieces, with each chunk encrypted with a separate key and distributed across multiple storage containers in a datacenter. The content encryption keys are themselves encrypted with a master key for extra safety. The encrypted chunks of content, the master keys, and the “map” used to re-assemble the chunked content into the original file that the customer stored in the service are all stored in physically separate data stores.
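The file-level scheme described above, sketched as an added example (not code from the original article or from any vendor): every chunk gets its own key, each chunk key is wrapped with the master key, and chunks, map and master key live in separate stores. All names are assumptions, as is keeping the wrapped keys inside the map; `seal`/`unseal` are a stand-in built from HMAC-SHA256 so the sketch runs on the standard library alone, where a real service would use a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

CHUNK_SIZE = 16  # tiny on purpose so the constructed sample spans several chunks

def _mac(key, label, msg):
    return hmac.new(key, label + msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Keystream: HMAC-SHA256 over a block counter, labelled "enc".
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, b"enc", nonce + i.to_bytes(8, "big"))
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    # STAND-IN authenticated encryption (encrypt-then-MAC), not for production.
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _mac(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + ct)):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor_stream(key, nonce, ct)

def store_file(name, data, chunk_store, map_store, master_key):
    entries = []
    for off in range(0, len(data), CHUNK_SIZE):
        chunk_key = secrets.token_bytes(32)   # separate key for every chunk
        chunk_id = secrets.token_hex(8)       # random id reveals no file order
        chunk_store[chunk_id] = seal(chunk_key, data[off:off + CHUNK_SIZE])
        # Only the wrapped (master-key-encrypted) chunk key is ever persisted.
        entries.append((chunk_id, seal(master_key, chunk_key)))
    map_store[name] = entries                 # the "map" used for re-assembly

def load_file(name, chunk_store, map_store, master_key):
    # Needs all three stores: unwrap each chunk key, then decrypt in map order.
    return b"".join(unseal(unseal(master_key, wrapped), chunk_store[cid])
                    for cid, wrapped in map_store[name])

if __name__ == "__main__":
    master = secrets.token_bytes(32)          # lives in its own key store
    chunks, fmap = {}, {}                     # two further, separate stores
    store_file("report.docx", b"constructed sample document body", chunks, fmap, master)
    print(len(chunks), "chunks;", load_file("report.docx", chunks, fmap, master))
```

A stolen chunk store yields only ciphertext in no particular order, and a stolen map yields only wrapped keys; because each chunk authenticates under its own key, swapping or modifying chunks is rejected on read.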
Alternatives to cloud-based storage include sandboxing and virtualization; still, they must be tested for how effective they are at preventing data leakage.
