Tuesday, March 20, 2007

 

Scheduled Maintenance Alert - March 20, 2007, 3 PM - 7 PM Pacific Time

Hi all,

Just wanted to make sure that ElephantDrive users and blog readers know that we will be conducting Scheduled Maintenance procedures today, from 3-7 Pacific Time. We’ll be adding more computing power to our infrastructure and further expanding our storage solutions. We hope to be back to full operational capacity in less time than we’ve allotted.

Please let us know if you have any questions by emailing us at support@elephantdrive.com.


The Team at ElephantDrive

Monday, April 03, 2006

 

More Extreme Tech...

It appears that our last post on the ExtremeTech site caused a bit of a stir. Below is a response to one user's skepticism regarding the inherent security issues with online storage:

"What you've identified regarding data security is somewhat accurate; no cryptographic system or encryption algorithm is entirely secure. The aim of protecting an asset, digital or otherwise, is to make the cost of successfully attacking it exceed the value of obtaining it.
That said, by constantly evaluating and upgrading our security policies and procedures, we're able to identify and prevent most motivated and sophisticated attacks. While we've thought a great deal about this issue, this isn't exactly the forum for our philosophy; anyone interested in reading it can do so here:
http://www.elephantdrive.com/help/faq.aspx#qSecurity
Lastly, regarding a "crack" of 128-bit Rijndael (AES), I assume you are referring to the recent speculation by cryptologists Nicolas Courtois and Josef Pieprzyk of the algorithm's purported vulnerability to XSL algebraic attack techniques. Forgetting about the fact that most experts are skeptical of Courtois' math (which represents AES as an overdefined system of multivariate quadratic equations), it's important to note that this is completely theoretical cryptanalysis, and that no one has been able to demonstrate breaking even a simplified version of Rijndael (AES), in a lab or anywhere else. It isn't even remotely practical. Perhaps in 10-15 years computing power might reach the point where this would be a cause for concern. If so, we'll have switched to something stronger. In fact, in anticipation, we've switched to 256-bit keys."

 

Fish on ElephantDrive Security...

Fish recently put together what I think is a comprehensive and accessible summary of the security policies and procedures used here at ElephantDrive. Securing the data that you entrust to us is priority number one here. We're committed to the ongoing improvement and transparency of the system; you can expect that we'll be writing more summaries like the one below.

The following text can also be accessed here: http://www.elephantdrive.com/help/faq.aspx#qSecurity

"We are constantly refining our security measures to meet the rapidly evolving threats in the digital space (like viruses, attackers, hackers and all the other bad guys snooping around the internet), as well as to protect against the everyday disasters that Murphy’s Law provides us (like fires, floods, thefts, and accidents). We apply classic principles of secure programming with the knowledge of the latest advances in threats and countermeasures. Sometimes the principles sound vague, but below we explain them and identify some of the ways in which they are employed. We would rather you understand why your data is more secure with ElephantDrive than just take our word for it.
First, we harden every server and network device and place it in the secure ElephantDrive datacenter. This means applying the time-tested security principles of “Least Privilege” and “Economy of Mechanism.” In simple terms, it means we remove every program and close every port that isn’t absolutely necessary for our systems to operate, and we restrict physical access and enforce strict rules regarding the environment in which the machines are kept. It’s sort of like the military principle of information on a need-to-know basis. Unlike your home or office computer, ElephantDrive machines are there to serve one, and only one, purpose – securely storing and managing your data. There are no additional programs for hackers to exploit. Our computers are housed inside locked cages in a temperature-controlled facility with redundant power, connectivity, and fire/flood protections. Access is monitored and granted to authorized-personnel-only, and food and drink are prohibited. These efforts enable us to dramatically reduce the potential avenues of attack for would-be wrong-doers and the chances of freak accidents.
Second, we insist on persistent authentication at the most granular level. This involves applying two other established security principles, “Fail-safe defaults” and “Complete Mediation.” In other words, we start by assuming that all requests for information we receive should be denied, and then evaluate whether or not to grant permission (rather than the other way around). Then we apply this analysis to each individual request. For instance, if an ElephantDrive client wants to upload a file, the software not only verifies the client’s identity before the file begins its transfer, but with each chunk of information delivered. This vigilance also helps us to dramatically reduce the opportunities for the bad guys to impersonate a client.
Third, we compartmentalize sensitive data, in accordance with the principles of “Separation of Privilege” and “Least Common Mechanism.” This means that wherever possible we split sensitive information into pieces that are insufficient to reveal anything without their corresponding part, and we keep functionality in the narrowest scope possible. A commonly understood example of this that the movies and the military have combined to provide is the use of two independent keys or codes to allow the launch of weapons – one without the other is useless. The best example of this principle in action is a result of our encryption processes. Every file you store with ElephantDrive is encrypted before it ever leaves your computer, and the file and the key with which it was encrypted are stored on separate devices. Furthermore, the ElephantDrive team members separate their administration responsibilities such that the individuals responsible for managing the file do not overlap with those managing the keys. The result is that all files handled by ElephantDrive are completely unreadable by the bad guys, even in the unlikely event they were able to get a hold of the hard drives holding the files.
We are often asked about the strength of our encryption, so here is a little more information. ElephantDrive files are encrypted with the Advanced Encryption Standard, also known as AES, using a 256-bit key. The key is derived from the file itself. The United States National Security Agency has approved this algorithm and key combination for information classified as “TOP SECRET”. The key itself is then encrypted with AES, using either another key provided by ElephantDrive or one of your own choosing, and stored separately, as mentioned above. It is worth noting that should you choose to use your own key, no one at ElephantDrive (not even all the employees working in concert) will be able to access the contents of your files.
Lastly, we work hard to be open about the security we provide and make it practical for our users. The first guiding principle here is known as “Open Design.” In lay terms, this means decoupling the mechanisms we use to provide security from the keys we use to enforce the protection. By making the system details transparent we 1) allow our systems to be examined by experts and reviewers who can offer us feedback on future theoretical attacks or existing vulnerabilities, and 2) need only protect a small amount of discrete information. The second rule applied here is “Psychological Acceptance.” This means the security protocols we’ve chosen to implement have to be simple enough to be understood by our end users, and easy enough that we can actually count on you guys to follow them. Hopefully this explanation has helped to provide a better understanding of how we work with you to practice security, and hopefully our software will make it straightforward and painless for you to execute on it.
Never share your password with anyone. ElephantDrive employees will never ask you for it."
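An added illustration of the "Fail-safe defaults" and "Complete Mediation" check on every upload chunk described in the FAQ text above; this is not ElephantDrive's code. The FAQ does not say how each chunk is authenticated, so the HMAC tag scheme, the names `chunk_tag` and `UploadReceiver`, and the sample keys are assumptions.

```python
import hashlib
import hmac


def chunk_tag(session_key: bytes, upload_id: bytes, index: int, chunk: bytes) -> bytes:
    """Tag binding one chunk to one upload and one position (assumed scheme)."""
    if len(upload_id) != 16:
        raise ValueError("upload_id must be 16 bytes so fields cannot run together")
    msg = upload_id + index.to_bytes(8, "big") + hashlib.sha256(chunk).digest()
    return hmac.new(session_key, msg, hashlib.sha256).digest()


class UploadReceiver:
    """Server side of one upload: every chunk is mediated, none is trusted."""

    def __init__(self, session_key: bytes, upload_id: bytes):
        self._key = session_key
        self._upload_id = upload_id
        self._next_index = 0
        self.stored = []

    def accept(self, index: int, chunk: bytes, tag: bytes) -> bool:
        allowed = False  # fail-safe default: deny unless every check passes
        if index == self._next_index:  # rejects replayed or reordered chunks
            expected = chunk_tag(self._key, self._upload_id, index, chunk)
            allowed = hmac.compare_digest(expected, tag)  # constant-time compare
        if allowed:
            self.stored.append(chunk)
            self._next_index += 1
        return allowed


def demo():
    key = b"K" * 32            # constructed session key shared after login
    other_key = b"A" * 32      # constructed key of a party who is not the client
    uid = b"constructed-id-1"  # constructed 16-byte upload identifier
    rx = UploadReceiver(key, uid)
    c0, c1 = b"first chunk", b"second chunk"
    results = [
        rx.accept(0, c0, chunk_tag(key, uid, 0, c0)),        # valid chunk
        rx.accept(1, c1, chunk_tag(other_key, uid, 1, c1)),  # wrong identity
        rx.accept(1, b"tampered", chunk_tag(key, uid, 1, c1)),  # modified data
        rx.accept(0, c0, chunk_tag(key, uid, 0, c0)),        # replay of chunk 0
        rx.accept(1, c1, chunk_tag(key, uid, 1, c1)),        # valid chunk
    ]
    return results, rx.stored


if __name__ == "__main__":
    print(demo())
```

Because the decision is made per chunk, a session that authenticated correctly at the start still cannot be used to slip in data from another party partway through the transfer.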

Tuesday, March 21, 2006

 

ExtremeTech

I found a particularly insightful comment on a recent article published on ExtremeTech.com:

"My first attempt at a regular data backup scheme involved burning copies of important files to CDs on a monthly basis. Back in the old days before blank CD-Rs were cheap and plentiful, making a full disc backup still took the better part of an hour. And I didn't dare use my PC for anything else while burning—that was a surefire recipe for making cup coasters. The plan worked solidly for a few months until I got lazy and started neglecting to do the backups." Read "Should You Bother With Online Storage?"... by Victor Loh

User rogthefrog comments:
"My main gripe with online storage (and all those run-in-the-browser apps like Writely and such) is that internet connections are very slow and flaky. That was true in 1998 when all those internet storage sites were cropping up and it's still true today. I'm not about to upload 300GB worth of data on a remote server via an internet connection (even a 100M LAN connection would take ages). And if I can't have all my data uploaded at least once, that means I can't do incremental backups either. Then there's the legal ramifications of your data being stored on someone else's servers. If a legal body wants access, the criteria to get into the data on remote servers are significantly less strict than those regulating searches and seizures of your own PC in your home."

My response:
Rog,
I agree with all of your gripes regarding online storage. It was those exact frustrations which prompted us to found and develop ElephantDrive (www.elephantdrive.com).
Knowing that internet connections are often “slow and flaky,” we set out to build the most fault-tolerant platform available. When something does happen that is beyond our control, the client software provides clear messaging and fails gracefully. Regarding your concern about the time and cost of backing up: yes, even using our optimized transfer protocol, 300GB will take some time to backup online. We’ve mitigated the impact of that in a couple of ways:
1. We’ve borrowed a little bit from IBM’s concept of “Continuous Data Protection” contained in their Tivoli product. ElephantDrive backups are performed automatically and at convenient scheduled periods (i.e. when the origin computer or internet connection is not in use). By making the process continuous, a large amount of data can be transferred in much shorter time than you might think.
2. The client software routinely scans the filesystem of the computer, looking for additions and changes. During subsequent backups, only the files that have been added or changed are transferred, and histories are kept and are file-based, with a configurable number of versions stored. This drastically cuts down the time to perform incremental backups and gives our users granular access to their file histories.
Finally, addressing your apprehension about the legal ramifications of remotely stored data, ElephantDrive is approaching it a couple of different ways. By default, everything stored on our servers is encrypted using Rijndael (AES) and randomly generated 128-bit keys, supplied by ElephantDrive. If a user so chooses, they are able to provide their own keys. In doing so, a user makes it virtually impossible that anyone, including ElephantDrive staff, other than the holder of that key can decrypt the data. Even if someone were to enter the ElephantDrive datacenter (which is also physically secured) and remove the drives from their enclosures, they would have nothing but gibberish bits.
We’re currently in beta and inviting users to try the product for free for a limited time. We would value your feedback, and that of anyone else who might be reading these posts.
Thanks in advance.
Ben Widhelm
support@elephantdrive.com
www.elephantdrive.com

Tuesday, March 14, 2006

 

Officially Throwing the Hat into the Ring...

Amongst us online storage junkies, there is a seminal blog, posted 1/31/2006 on Techcrunch, a roundup of online storage companies entitled "The Online Storage Gang":

http://www.techcrunch.com/2006/01/31/the-online-storage-gang/

I left the following post as a comment:

"Great post. Thanks to Michael and Adam for the research and evaluation.
However, a critical component missing from your review is the actual reliability of the services. Nearly every online storage user I’ve spoken to has at one point relayed their crushing frustration in waiting for a large transfer to complete, only to have the web/desktop software freeze, message cryptically (or not at all), then croak, leaving the user to start the process again.
As luck would have it, we’ve started a company that addresses this very concern, ElephantDrive (elephants… big, never forget, work for peanuts, get it?). Our platform provides a greater level of automation, transparency, fault-tolerance, and availability than I have yet to see in the marketplace. Admittedly, we don’t yet have the feature set boasted by some of the companies here, as we’ve chosen to focus on designing and deploying secure and extensible core architecture.
Our beta is open: http://www.elephantdrive.com/.
Come on over and back that azz up. "

Here we go!

Wednesday, February 22, 2006

 

Version 0.5.0 released!

The latest version of the ElephantDesktop software is now available at http://www.elephantdrive.com/download/client.aspx.

Check it out and let us know what you think!!! It is much sleeker looking and much more stable.

Monday, August 29, 2005

 

Welcome

Welcome to the official ElephantDrive blog! The goal of this blog is to create an online space where individuals can help make ElephantDrive a better place. In case you don't know what ElephantDrive is, I'll tell you:

ElephantDrive is a new tool for online backup and storage of your digital assets. It is the easiest and most intuitive tool around. With it you can protect yourself from computer catastrophes and access all your files from anywhere at anytime.

The product will be available at http://www.elephantdrive.com , but if you are interested in helping us test the early versions, please check out http://beta.elephantdrive.com .

This blog will be one of the best places to visit during the early testing. We are hoping users will post their problems and questions here so that the software developers can quickly and effectively address them, and so that other users can learn from the early experiences and even help out.
