Scared of storing files in the cloud? Rest easy – Zebu makes file storage safeJackie Gill - March 19, 2020
On the morning of August 31, 2016, more than 68 million Dropbox users woke up to a surprise announcement: the file storage system had been hacked, and their data was at risk.
The breach included email addresses and passwords. And even though those passwords were encrypted, a full two-thirds of the cloud storage provider’s total customer base was prompted to set new ones following the announcement.
The original leak’s attributed to a reused password on a Dropbox employee’s LinkedIn account, which was part of another breach that saw 117 million emails and passwords put up for sale by hackers back in 2012. “From there they gained access to the user database with passwords that were encrypted and ‘salted’” – meaning Dropbox added an additional string of random characters to each encrypted password to make it even harder to crack – reported The Guardian.
In 2016, Uber disclosed that personal information belonging to 57 million users, including 600,000 drivers in the U.S., was compromised by hackers who lifted the company’s AWS credentials. Let’s not forget Equifax, where unauthorized access to names, social security numbers, birthdates and more put almost 150 million U.S. consumers at risk in 2017. And then there’s Edward Snowden, who famously leaked highly classified intelligence files from the NSA to a journalist as a whistleblower.
“Around 60 to 70 per cent of businesses that are attacked are small businesses.”
– Jessé David Thé, CEO and co-founder of Zebu
And these are just the cases we hear about because they’re so large, says cybersecurity-meets-productivity platform Zebu.
“Around 60 to 70 per cent of businesses that are attacked are small businesses,” says Zebu CEO and co-founder Jessé David Thé. “There’s this false perception that, if I’m a small fish, I don’t have to worry about hackers. But they’re actually the preferred target for cyberattacks because they know that they don’t have the proper IT infrastructure or the proper technology in place to really protect themselves.”
“But we also realize that small businesses want to get there passionately,” adds Zebu CTO Mike Johnson. And paying attention to how you store and share files – sensitive information or not – is a great place to start.
Put your files on lockdown with encryption that works
Your files should be easy to access for people who need them. That’s why cloud storage has taken off since it first entered the consumer market around 2005 – it provided a way for multiple people to tap into the same files, no matter where in the world they were (and later, no matter what device they were using).
It’s so convenient that 90 per cent of companies say using a cloud service provider makes them measurably more productive, and 81 per cent say they’ve saved money since bringing cloud storage into the fold.
But there’s still a fear: nothing is safe in the cloud. “The cloud has a lot of privacy concerns for a lot of companies. Even larger ones won’t allow their employees to use anything that’s in the cloud,” says Thé.
90% of companies say cloud services make them more productive… but 29% say they’ve suffered a data breach from using the cloud.
That fear is backed up by 29 per cent of companies that say they’ve suffered a data breach of files or folders stored using cloud service providers. It’s why 21 per cent of organizations keep all of their sensitive data on on-premises infrastructure.
Still, on average, employees have access to over 17 million files through their company’s servers and cloud storage. But were all those files secure? In 53 per cent of companies, over 1,000 sensitive files were available to every single employee who worked there.
That’s exactly the kind of problem encryption helps solve, says Johnson. “Encryption just produces a lock around your personal information,” he says. It’s the reason why those leaked Dropbox passwords were so tough to crack, for example. They were converted to digital gibberish that only made sense to the right systems and users.
“We don’t want anybody, if they got one key, to be able to use that to unlock [anything else].”
– Mike Johnson, CTO of Zebu
And it’s not enough to encrypt all of your locks using one key. Not only do service providers tend to keep a copy of that key for themselves so they access data to gather information on their users, but it also means that, if that key gets exposed, everything attached to it does, too.
That’s why Zebu does things differently, Johnson adds. “Every version of every document has its own encryption key because we don’t want anybody, if they got one key, to be able to use that to unlock [anything else].” Only the people with that key can access the file, so it’s not open to everyone.
With Zebu, that encryption happens directly on a device before files ever hit the cloud. On many services, it only happens after the file reaches the cloud, meaning there’s a split second when it’s unprotected. Plus, the recipient has to manually decrypt files to see them, so there’s no worry about someone looking over a shoulder to take a peek at a photo or file a business wants to keep confidential. Even Zebu can’t see that data, because they don’t have the keys either.
“Our encryption mechanism means because we can’t read it, and even your coworker who might want to spy on you, they can’t read it either,” Johnson says. “That means that you’re private unless you share that with someone. And that’s really what we’re after. That’s what we’re trying to bring to the marketplace.”
“Bringing it under one house, you know what’s going on.”
– Mike Johnson.
Plus, it makes files safer, easier to find and easier to manage when you bring them under one umbrella. “You’ve got file-sharing services Dropbox, Google Drive, OneDrive. You have employees who are trying to make it convenient and easy. And now you’ve got your data spread everywhere, depending on what’s happening,” he adds.
“Bringing it under one house, you know what’s going on. You may not be able to necessarily read everything in your organization or see what’s shared, but at least you know where it went.”
Security starts with privacy and control
It isn’t just about security and productivity, says Thé – though obviously, it’s a big part of what the Zebu team does. They’re about privacy and the reasonable expectation that what’s yours stays yours, under your control.
At the beginning of their journey, when Zebu itself was using cloud storage from big providers, they realized something big: “We were being used as a product,” he says. “We’re using the services, but really, we were being sold to all these other companies and advertisers.”
That’s when Zebu made the shift from productivity to productivity-plus-security. “At that point, we became very strong advocates for privacy, and privacy goes along heavily with security because, in order to ensure that user information is private, you have to secure it.”
“We’re protecting this critical business information that otherwise might have been stored insecurely.”
– Jessé David Thé
And privacy ties back with their primary mission: to help businesses. Data breaches are a real threat, he says, and preventing them doesn’t just save money – it could also save a business’ life. Whether it’s a law firm that must adhere to attorney-client privilege, a medical office that needs to meet privacy regulations, a manufacturer with patents and R&D or a mom-and-pop shop collecting credit card information on shoppers, there’s a tangible, positive outcome to ramping up privacy and security.
“If that gets a ransomware attack where they lose that information, they can no longer operate,” says Thé. “By offering them a solution that secures their important work documents, communications, their scheduling and more, we’re protecting this critical business information that otherwise might have been stored insecurely.”
Keep your business productive and safe with tools designed with privacy in mind. Let Zebu show you how.