Why SSL Security is not enough?
Why is SSL Security not enough?
Traditional cloud service providers use SSL (Secure Socket Layer) to transfer data from sender to recipient. SSL, as a security technology, was mandated in 2006. Given that technology has grown leaps and bounds from then until now, many companies still advertise SSL as an added security layer, when in reality, they are simply following the law.
Understanding how SSL works while sending and receiving sensitive information
In this method of sharing sensitive information, the data is encrypted when it travels from client to server or vice versa which is called encryption-in-transit. Imagine this, data travelling through a tunnel and during this time no one has access to the information shared, not even the ISP (Internet Service Provider).
When the data reaches the cloud, SSL is terminated. So now the data in the cloud is all in clear text and anyone who is able to access the cloud has access to your information. This is where your sensitive information becomes accessible to hackers and ransomware.
When the data leaves the cloud to travel to the intended recipient, the information is again encrypted with SSL technology, so no one is able to access this data. It is all encrypted until it reaches the receiver’s device and SSL is terminated.
In case of SSL, the data is decrypted right away on the recipient’s device which makes those links public and susceptible to data breaches.
How is DropSecure different?
DropSecure is a secure file share platform that has shifted the landscape in sharing, storing and managing your data. A combination of two (Symmetric and Asymmetric) encryptions is used with Zero Knowledge Encryption technology to ensure the utmost privacy of sensitive information.
In addition to SSL encryption, all data is first encrypted on the sender’s device. So, when the DropSecure servers get the data (and SSL is terminated), the data is still in its encrypted form. This data is only decrypted on the recipient’s device after authentication which means, no one in between, not even DropSecure, can access your information.