Decentralized cloud architectures are becoming increasingly popular. These architectures can be cheaper, more secure, more robust, more private, and more reliable than centralized ones. The traditional centralized storage model is used by all the “big name” providers, including Google, Dropbox, Apple, Tresorit, ProtonDrive, Sync, pCloud, and MEGA. Users’ data is stored on physical servers that are owned and operated by the cloud provider. Decentralized cloud architectures are mainly offered by companies such as Internxt, Sia, Storj, MaidSafe, and Filecoin.

Some of these traditional providers encrypt user data client-side, whereas others don’t. However, client-side encryption alone is not enough to truly protect user data.

Cloud storage is classified as decentralized if the storage system is distributed around the world, and centralized if the storage system is singularly controlled. In the centralized version, the storage system is maintained by the cloud controller and operated by the central server in the cloud controller. All hosts are allocated a single storage system for storing images, files, and data. In the decentralized version, a group of clusters is used, each with its own storage system. The hosts in a cluster therefore use the storage system of that cluster, not the storage system of another cluster. This gives decentralized architectures higher levels of scalability, redundancy, and durability.

Offering a centralized service instead of a decentralized one involves some very serious trade-offs. ProtonDrive itself recognizes that “the nature of decentralized models makes them highly effective at defeating censorship.

Without a centralized server, there is no single point of failure for decentralized cloud storage systems. There is no one server that can suffer a catastrophic failure, accidentally burn to the ground, or be seized by a third party. With decentralized systems, your data is stored on the disks of multiple (possibly even hundreds of) operators, who may be located all over the world.

As demonstrated by the success of the p2p BitTorrent protocol, this makes decentralized systems almost impossible to censor, block, or shut down, as there is no central organization that can be pressured or coerced. Downloading data from a decentralized network can be very efficient when the recipient is able to obtain data from multiple sources simultaneously.”

The paper “Analysis of Centralized and Decentralized Cloud Architectures” by the School of Computing, University of South Alabama (2016) studies the topic. This research is funded in part by a grant from the National Science Foundation, Division of Computer and Network Systems, Secure & Trustworthy Cyberspace Program. The research finds the following: defining characteristics, such as the degree of component centralization or decentralization, have significant implications for the security and performance of cloud-based services. Cloud components which are centralized often increase the risk of catastrophic failure in the event of a zero-day virus. Decentralized components offer compartmentalization of risk.

Another paper, “Cloud Storage. A comparison between centralized solutions versus decentralized cloud storage solutions using Blockchain technology” by the Polytechnic University of Bucharest, concludes “Central cloud storage solutions introduce a single point of failure. In the case of Amazon S3 Bucket the data coming from an IoT device is stored on Amazon’s Servers. If the S3 Bucket suffers a security breach the data stored is compromised. Another advantage of the Ethereum based storage is the encryption capability at the data file level using SHA256 asymmetric encryption method, the data inside the blockchain network cannot be altered.”

Internxt Drive is the only easy-to-use cloud storage service that not only provides zero-knowledge encryption (like ProtonDrive, Tresorit, and many other traditionally secure cloud storage services), but goes a step further by offering its service on an infrastructure of data centers spread all over the globe. Neither Internxt nor any third party can access any of your files. Files uploaded to Internxt Drive are fragmented, client-side encrypted, and distributed all over the globe, so that a server never holds a complete file, only an encrypted data shard.

Decentralized storage clusters provide security via compartmentalization. Even if attackers are able to infiltrate an isolated storage array, they cannot launch a rogue virtual machine without also hacking the cloud’s compute component. In these architectures, files are often split into evenly sized segments of data. Each segment or block has its own address but no metadata to provide context about what it is.

The storage target can be configured to replicate data across storage arrays or distributed file systems. Decentralized compute components isolate resource scheduling from the control node. A cluster controller performs scheduling for its respective cluster. If an isolated cluster controller is compromised or otherwise brought offline, the other cluster controllers would still function. In the case of Internxt Drive, files are not only distributed and replicated but also end-to-end encrypted.

We use AES-256 in CTR mode for encryption. In centralized systems, if the cloud controller is hacked, the storage array should be considered compromised as well. The decentralized compute design presents a reduced risk of catastrophic failure.
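The flow described above (encrypt client-side with AES-256-CTR, split into evenly sized shards, replicate across nodes), as an added Node.js example that is not Internxt's code. The shard size, replication factor, SHA-256 shard addressing, manifest layout, and the in-memory Maps standing in for storage nodes are all assumptions; the hash check on download is included because CTR mode on its own does not detect tampering.

```javascript
const crypto = require('crypto');

const SHARD_SIZE = 16; // assumed; tiny so the demo yields several shards
const REPLICAS = 2;    // assumed replication factor
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Encrypt with AES-256-CTR, then cut the ciphertext into evenly sized shards.
// A shard's address is the SHA-256 of its ciphertext: nodes see opaque blobs.
function upload(plaintext, key, nodes) {
  const iv = crypto.randomBytes(16); // fresh per file; CTR must never reuse key+IV
  const cipher = crypto.createCipheriv('aes-256-ctr', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const addresses = [];
  for (let off = 0, i = 0; off < ct.length; off += SHARD_SIZE, i++) {
    const shard = ct.subarray(off, off + SHARD_SIZE);
    const addr = sha256(shard);
    for (let r = 0; r < REPLICAS; r++) {
      nodes[(i + r) % nodes.length].set(addr, Buffer.from(shard)); // independent copy
    }
    addresses.push(addr);
  }
  return { iv, addresses }; // manifest stays on the client, never on a node
}

// CTR provides confidentiality only, so every fetched shard is re-hashed and
// compared with its address before decryption; bad replicas are skipped.
function download(manifest, key, nodes) {
  const parts = manifest.addresses.map((addr) => {
    const hit = nodes.map((n) => n.get(addr)).find((s) => s && sha256(s) === addr);
    if (!hit) throw new Error(`no intact replica for shard ${addr.slice(0, 8)}`);
    return hit;
  });
  const decipher = crypto.createDecipheriv('aes-256-ctr', key, manifest.iv);
  return Buffer.concat([decipher.update(Buffer.concat(parts)), decipher.final()]);
}

// Constructed scenario: four in-memory Maps stand in for storage nodes.
function demo() {
  const nodes = [new Map(), new Map(), new Map(), new Map()];
  const key = crypto.randomBytes(32);
  const file = Buffer.alloc(70, 'constructed sample data '); // 70 bytes -> 5 shards
  const manifest = upload(file, key, nodes);
  const maxHeld = Math.max(...nodes.map((n) => n.size)); // most shards on one node
  nodes[0].clear();                                      // node 0 goes offline
  for (const s of nodes[2].values()) s[0] ^= 0xff;       // node 2 serves tampered data
  const restored = download(manifest, key, nodes);
  return { ok: restored.equals(file), shards: manifest.addresses.length, maxHeld };
}
console.log(demo());
```

With two replicas placed on neighbouring nodes, losing both neighbours makes a shard unrecoverable, and `download` throws instead of returning partial or unverified data.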

All in all, decentralized architectures provide enhanced security to cloud functionality. The services they provide are performed in isolation. If a decentralized component is compromised or encounters an unrecoverable runtime error, the worst-case scenario is that the component goes offline, while the rest of the cloud continues to function normally. This design presents a failsafe which increases cloud stability. On the other hand, centralized cloud designs interlace core functions within the same space. If an error or attack manages to destabilize a centralized component, the entire cloud is at risk.
