Moving security controls such as public key infrastructure (PKI) to the cloud can yield real cost savings, but is cloud security strong enough to protect them?
When you consider the different components of a PKI-based system, the public key infrastructure is clearly gaining a meaningful foothold in the IT field. From the certificate authority to certificate revocation lists to the registration structure, it is obvious that securing communications within a PKI environment is a computationally resource-intensive task. As a result, the associated costs can easily get out of control, which makes moving the entire PKI to the cloud a very worthwhile proposition.
A public key infrastructure enables enterprise users to exchange data securely over a public network such as the Internet using an encryption key pair, and to issue security certificates to end users. The convenience of moving PKI to the cloud has far-reaching implications. For cost reasons too, many companies that have shunned PKI in the past may now want to rethink their position, because infrastructure as a service (IaaS) has become a more economically viable option for many enterprise users.
The core of a PKI-based system is the certificate authority (CA). The CA issues certificates to end users through a designated internal server or server cluster. In large global organizations, this process can be quite cumbersome. If the CA server at each site is powerful enough to handle the daily workload the PKI environment places on it, network performance may not be much of a problem. Conversely, if the CA server has other tasks or lacks the performance to do the job, consider another way to access the CA. In both cases, moving this task to the cloud may be a subject that deserves further study.
But that proposition is outdated once we consider moving the enterprise's entire public key infrastructure to a cloud platform such as Amazon Web Services (AWS) or Google Cloud. We are then not just putting the CA in the cloud; we are moving all the other related components as well: registries, certificate revocation lists, LDAP servers, and so on. Performance suddenly stops being a problem, provided the organization is willing to buy sufficient resources from the vendor.
For example, let's assume that a system administrator wants to set up a basic PKI for his or her network in AWS. The administrator configures and deploys an appropriate number of Amazon Machine Images (AMIs); he or she can configure all the servers through the same console, including a CA server, a certificate revocation list (CRL) server, and a registration authority (RA) server. The administrator can then simply direct all the relevant network traffic to that same group of AMIs so that the work is properly authorized. If, for some reason, the system administrator needs to add more infrastructure later, the expansion can be accomplished with simple operations.
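The three roles named above (CA, RA and CRL server), collapsed onto one host with the OpenSSL command line, as an added example that is not part of the original article. The directory layout, the subject names `Demo Root CA` and `user.example.test`, and the helper functions `ca`, `status` and `pki_demo` are assumptions made for illustration.

```shell
# Added example; all names and paths are constructed for illustration.
set -eu
ca() {  # CA operations share one config, certificate and key
  openssl ca -batch -config ca/ca.cnf -cert ca/ca.pem -keyfile ca/ca.key "$@" 2>/dev/null
}
status() {  # relying party: validate the chain and consult the published CRL
  openssl verify -crl_check -CAfile ca/ca.pem -CRLfile crl/ca.crl ra/user.pem \
    >/dev/null 2>&1 && echo valid || echo rejected
}
pki_demo() (
  cd "$(mktemp -d)"; mkdir ca ra crl
  : > ca/index.txt; echo 1000 > ca/serial
  cat > ca/ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = ca/index.txt
serial = ca/serial
new_certs_dir = ca
default_md = sha256
default_days = 30
default_crl_days = 7
policy = policy_any
[ policy_any ]
commonName = supplied
EOF
  # CA server: self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout ca/ca.key -out ca/ca.pem 2>/dev/null
  # End user: key pair and signing request, submitted to the RA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=user.example.test" \
    -keyout ra/user.key -out ra/user.csr 2>/dev/null
  # RA server: check the request's self-signature before forwarding it
  openssl req -in ra/user.csr -noout -verify >/dev/null 2>&1
  # CA server: issue the certificate from the vetted request
  ca -in ra/user.csr -out ra/user.pem -notext
  # CRL server: publish a CRL, then republish it after a revocation
  ca -gencrl -out crl/ca.crl
  before=$(status)
  ca -revoke ra/user.pem
  ca -gencrl -out crl/ca.crl
  echo "before=$before after=$(status)"
)
pki_demo  # prints: before=valid after=rejected
```

Without `-crl_check` the revoked certificate would still verify, which is why the CRL server has to stay reachable to relying parties wherever the PKI is hosted.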
The security trap of moving a PKI to cloud computing

Moving the public key infrastructure to the cloud may make sense in terms of economy and ease of operation, but what is the other side of this double-edged sword? Ironically, one of the problems with moving a PKI to the cloud is security-related.
Once the enterprise decides to relocate its public key infrastructure to the cloud, the owner of the data no longer has physical control of that data. For example, if a cloud company becomes the target of a lawsuit, the cloud provider could be forced to hand over data belonging to a third party that is merely an innocent bystander, that is, its customers. Because the law has grey areas regarding who actually owns data stored in the cloud, this scenario is not a myth. Also, if a company is dissatisfied with its cloud provider, replacing that provider may not go smoothly.
While moving the public key infrastructure to the cloud may make sense at many different levels, actually making this decision calls for great prudence and deliberation.
Companies such as Gazzang are already working to address such security issues, for example by keeping the public keys used by these PKIs on separate platforms.
Despite the problems, moving the public key infrastructure to a cloud-based platform is an idea that will evolve into an industry best practice.