Cloud Data Encryption: Managing Data Security in the Public Cloud
Cloud computing is becoming more widely used by enterprises due to reduced costs and increased efficiency in a difficult economy. Yet there remains concern over data security and encryption, especially in the public cloud, despite public cloud services having implemented strategies for protecting data. Many enterprises are currently looking for specific management strategies for public cloud environments.
The basic choices currently offered by public cloud service providers include encryption services that require trust in either the cloud service provider (CSP) or a third-party service. The other option is to run an encryption management system on an in-house server. Alas, entrusting encryption to a third party, or tying key management back to an in-house data center, takes away the flexibility of using a public cloud environment. So what’s the answer?
Cloud Specific Technology
Using the public cloud environment, especially with Infrastructure as a Service (IaaS) or Platform as a Service (PaaS), requires data security and encryption management to be cloud-specific. By using cloud-specific technology, concerns related to data security and encryption shift to a system specifically designed for cloud infrastructure.
One new (as yet unreleased) cloud-specific encryption technology is known as homomorphic encryption, which provides cutting edge cryptography for improved data security. This type of technology will reassure enterprises that sensitive data is never exposed when using a public cloud infrastructure.
Homomorphic encryption allows a computer to perform mathematics on encrypted data without having to see the data itself. As experimentation progresses, homomorphic encryption will become a viable option for enterprises seeking to manage sensitive data.
Another type of cloud-specific data security technology underway is known as “split-key encryption,” allowing for encryption key management in the public cloud without sacrificing trust. Adding partial homomorphic encryption makes split-key technology much more secure.
Split-key encryption technology works similarly to the key system used for a safe deposit box in a bank. There are two keys, one of which is given to the deposit box holder while the other is held by the financial institution. The contents of the box can only be accessed using both keys.
With split-key encryption, one key is kept with the public cloud service provider. The second is held by the user for each specific disk or data object. The encryption key kept by the cloud service provider utilizes partial homomorphic encryption, thus left in its unencrypted form and completely effective when used with split-key encryption technology. The virtual master key held by the public cloud service provider can perform math without any knowledge of the actual data, allowing the computer to perform calculations with the encryption key held by the enterprise.
Homomorphic encryption in conjunction with split-key encryption technology is currently an advanced cloud-specific security strategy which provides enhanced data protection.
The key that is held by the enterprise is not known to the cloud service provider. The encryption key held by the cloud service provider does not reside anywhere in the cloud yet is effective when used in conjunction with the specific disk encryption key held by the enterprise. As the application accesses the stored data, the CSP uses both parts of the key to encrypt and decrypt the data. Since the key held by the CSP contains partial homomorphic encryption, the data is protected from intrusion or theft.
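The following Python sketch is an added example, not code from this article or from any provider's product: it uses the Paillier cryptosystem, one additively (partially) homomorphic scheme, to recombine two shares of a data key while both remain encrypted. The choice of Paillier, the additive split, the toy Mersenne-prime parameters and all function names are assumptions made for illustration.

```python
import secrets
from math import gcd

# Toy Paillier parameters (constructed: two Mersenne primes). Real keys use n >= 2048 bits.
P, Q = 2**31 - 1, 2**61 - 1
N, N2 = P * Q, (P * Q) ** 2
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)  # private: lcm(p-1, q-1)
MU = pow(LAM, -1, N)                           # private: valid because g = n + 1

def encrypt(m):
    """Paillier encryption with g = n + 1: c = (1 + m*n) * r^n mod n^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def add_encrypted(c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts mod n."""
    return c1 * c2 % N2

def split_key(data_key):
    """Split data_key into two additive shares; either share alone is uniformly random."""
    master = secrets.randbelow(N)
    return master, (data_key - master) % N

def demo():
    data_key = secrets.randbits(64)            # constructed per-disk key
    master, user_share = split_key(data_key)
    stored = encrypt(master)                   # the master share is kept only as ciphertext
    # The two shares are combined while encrypted; no plaintext share is used here.
    combined = add_encrypted(stored, encrypt(user_share))
    return data_key, decrypt(combined), stored

if __name__ == "__main__":
    key, recovered, _ = demo()
    print("recovered key matches original:", recovered == key)
```

Only the holder of the private values `LAM` and `MU` can turn the combined ciphertext back into the data key; the party doing the addition needs only the public modulus.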
In today’s stage of cloud technology maturity, security is vital to any organization. Although encryption is highlighted in this article, there are other effective security measures. GMO Cloud America provides several security options on various levels including firewall and SSL. Read more about this service on the Security section of this website.
About the Guest Author:
Aeyne Schriber has more than two decades of accumulated experience in IT security, computer technology, and internet marketing, including the technology education and administration field at both the public school and college level. She works worldwide helping companies, from small businesses to large enterprises, establish an online presence. Her skills as a published copywriter and marketer also include consulting and training corporate personnel and entrepreneurs. To find out more, visit www.digitalnewmediamarketing.com