Open Source App Development Platform Aims to Ensure Privacy in the Cloud

Data privacy is top of mind for users everywhere. Cloud storage and backup vendor SpiderOak plans to address privacy concerns with Crypton, an open-source Web app dev platform that crunches data in a browser-based client instead of the cloud.

By Paul Rubens
Thu, October 17, 2013

CIO — Thanks to the revelations of Edward Snowden about the activities of the U.S. National Security Agency and the U.K. Government Communications Headquarters, data privacy makes life a lot more complicated for anyone who wants to develop cloud-based applications. If users can't be confident that the privacy of their data is assured, then they're likely to think twice before ever using your applications.

But there's an opportunity here, too: If your apps do keep user data private, then they'll be far more appealing than apps that don't. Developers will soon be able to exploit this opportunity using an open-source secure cloud application development platform called Crypton.

Applications that perform heavy data processing in the cloud often pose a problem, as data needs to be decrypted in the cloud before it can be processed. On the other hand, apps that carry out data processing in a browser on the client side, leveraging the cloud for the storage of encrypted data only, are a different prospect.

Using this type of architecture, user data is always encrypted when it's in the cloud. Even if an intelligence agency or hacker gets access to it in the cloud, or during its journey to or from the cloud, it's unusable.

Analysis: U.S. Spy Budget Reveals Investments in 'Groundbreaking' Cryptanalysis

The problem developers face is building this type of application while ensuring the cryptography component is implemented securely. That's what Crypton aims to address.

Customers Want Cloud, Developers Want Platform for Cloud Apps

Crypton is sponsored by a cloud storage and backup company called SpiderOak. CEO Ethan Oberman says Crypton came from the company's software client, which encrypted data before sending it to SpiderOak for storage.

"When customers discovered that they had to download and install our client software, more and more of them were abandoning," he says. "The world is moving toward cloud-based software and people who care about privacy."

Once the company decided to supply a Web-based application instead, it made sense to create an open source platform that other developers could use to build "zero knowledge" applications, Oberman says. This means the cloud provider stores encrypted data and has no information about the data it's storing or where to find the decryption keys.

Related: 5 Elements Your Cloud Infrastructure Needs to Enable Application Agility

Of course there is some self-interest behind SpiderOak's decision to sponsor this open source platform, as applications built on Crypton can use storage supplied by SpiderOak. But these apps aren't tied to SpiderOak, and developers can choose another cloud resource for storage. (There is one important caveat: If the target storage service isn't free and open source, then developers have to purchase a commercial license to use Crypton.)

Crypton Makes Cloud 'Dumb Storage Medium,' Doesn't Read Data

Crypton applications run on the client side and use JavaScript as opposed to the more server-oriented C++, Objective C or Rails. JavaScript also enjoys a large developer community, especially for Android and iOS, Oberman says. The actual cryptographic work is done on the client side using a standard JavaScript encryption library — no untried, untested cryptographic code or ciphers here.

Continue Reading

Our Commenting Policies