With the prevalence of remote storage services, data privacy issues have become more serious owing to the loss of control over outsourced data. Meanwhile, service providers tend to minimize storage utility costs. To minimize storage costs while preserving data privacy, secure deduplication techniques have been proposed, which are categorized into client-side and server-side approaches. The client-side approach achieves storage and bandwidth savings at the same time but allows external adversaries to learn of the existence of duplicates in the remote storage. In contrast, the server-side approach prevents adversaries from learning this but sacrifices network bandwidth savings. In fog computing, however, a new computing paradigm that extends cloud computing by outsourcing the centralized workload of the cloud to geographically distributed fog devices located at the edge of the network, previous deduplication schemes cannot guarantee efficiency improvement and privacy preservation simultaneously. In this paper, we present a simple but nontrivial solution to these contradictory issues in fog storage. The proposed hybrid secure deduplication protocol combines client-side and server-side deduplication by taking untrustworthy fog storage environments into account. Client-side deduplication is applied in inter-network (i.e., cloud-fog network) communications to prevent network congestion at the network core, while server-side deduplication is adopted in intra-network (i.e., user-fog network) communications to prevent information leakage via side channels for maximal data privacy. Performance and security analyses demonstrate the comparable efficiency of the proposed scheme with security enhancement.
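The split described above can be seen in a small traffic model, added here as an illustration and not taken from the paper: it compares what an uploading user observes under pure client-side deduplication with what the same user observes in the hybrid layout. The names `Cloud`, `Fog`, `tag_of` and `compare`, the SHA-256 tag and the 4096-byte sample file are assumptions, and the model leaves out encryption and the paper's treatment of untrusted fog nodes.

```python
import hashlib

def tag_of(data: bytes) -> str:
    # Content-derived tag used as the deduplication key (assumption: SHA-256).
    return hashlib.sha256(data).hexdigest()

class Cloud:
    """Central store that keeps one copy per tag."""
    def __init__(self):
        self.blobs = {}

def client_side_upload(cloud: Cloud, data: bytes):
    """Pure client-side dedup: the user sends the tag first, the data only if new.
    Returns (bytes the user sent, duplicate signal the user observes)."""
    tag = tag_of(data)
    if tag in cloud.blobs:
        return len(tag), True          # short exchange reveals "already stored"
    cloud.blobs[tag] = data
    return len(tag) + len(data), False

class Fog:
    """Edge node in the hybrid layout."""
    def __init__(self, cloud: Cloud):
        self.cloud = cloud
        self.core_bytes = 0            # traffic on the cloud-fog link

    def upload(self, data: bytes):
        """User-fog link: full data always sent, no duplicate signal returned.
        Cloud-fog link: tag first, data only if the cloud lacks it."""
        tag = tag_of(data)
        self.core_bytes += len(tag)
        if tag not in self.cloud.blobs:
            self.cloud.blobs[tag] = data
            self.core_bytes += len(data)
        return len(data), None         # identical for new and duplicate files

def compare(data: bytes = b"A" * 4096):   # constructed sample file
    direct = Cloud()
    first, second = client_side_upload(direct, data), client_side_upload(direct, data)
    fog = Fog(Cloud())
    h_first = fog.upload(data)
    core_after_first = fog.core_bytes
    h_second = fog.upload(data)
    return {
        "client_side": (first, second),
        "hybrid_user_view": (h_first, h_second),
        "hybrid_core_bytes": (core_after_first, fog.core_bytes - core_after_first),
    }

if __name__ == "__main__":
    print(compare())
```

In the model, the user's view is the same for a new file and a duplicate in the hybrid layout, while the saving from deduplication appears only on the cloud-fog link.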