The savior of cloud computing security fear: Encryption

I feel a little exaggerated about the fear of cloud security. Why? Because a smart framework that protects data, applications, and connections is already there. It is called "encryption ". What is under development and is nearing perfection is a set of implementation methods and best practices that everyone agrees.

Through this article, we will talk about some interesting work done by Trend Micro and IBM.

For Trend Micro and IBM, in addition to the industry leader, we can also add a comment: most security product vendors and cloud service providers are also studying cloud computing security. Blocking the writing of a roadblock on cloud security is that people tend to choose to shut up and not talk about this topic, because security is a major concern. As an old saying goes: "If I tell you, I have to kill you ."

In addition, there are a variety of very different activities, it is difficult to have a general grasp of the direction of security issues. Therefore, my attempt to put all related topics in this "encryption" pocket is a summary attempt, and I will summarize the connection points of these activities to find out some meanings.

When I want to combine all the complex and comprehensive articles, I find that what I can do is to provide incomplete fragments. So I listed three very interesting points below, although there is no close correlation between them.

1. Encryption has been used

First, I got a reminder from my readers (comment from my previous blog post) about how he uses encryption to protect cloud connections.

"I have been using Amazon Web services since the beginning of 2006. I can only talk about these experiences, but all the tools are there and they are only used. For example, you can use a rotating key, which is my favorite private VPN. If you already have a well-running security architecture, you can now use a private VPN in your existing system to expand your dizzy resources without opening up your system. In the early 1980s S, we encountered many identical problems when we connected the annoying LAN to a host system that could handle transactions through the SNA gateway ."

2. People are studying the improved cloud encryption technology

My friend at Trend Micro hinted that they are working on some functional work and that they will be working on some unknown dates in the future (I 'd like to clarify that they haven't talked about putting them into production ), they will provide encryption solutions for public cloud computing. Based on Identum Ltd., these studios were acquired by Trend Micro in 2008, a British company incubated at Bristol University in Bristol. Identum technology forms the foundation of Trend Micro's current email encryption solution.

Indentum's encryption technology experts are now participating in this research on cloud computing. This basic and very powerful concept is to provide an encrypted proxy for every virtual computing instance. In this way, each Virtual Machine (VM) will have its own resident manager to ensure the correct application of encrypted and secure resources.

In essence, the biggest benefit you get through this method is the automated application of each security policy. Therefore, you will have built-in encryption key management in the process, and do not have to worry about unprotected Virtual Machine instances in your computing resources.

3. Attractive third point

For the third point, I can't really think of a proper title. I just need to use it. From the second generation of Trend Micro to the IBM section, I should note that encryption key management is not trivial. You can imagine that all cloud security relies on the ability to generate and distribute these keys, while ensuring they do not fall into the bad guys. Hackers cannot crack your keys and intrude into your security system. What they do is to steal these keys.

This leads to IBM's research on homomorphic encryption. Please refer to this press release: IBM researchers have addressed long-standing unresolved cryptographic challenges. This is a very difficult topic. I try my best to restore it. IBM's breakthrough is that it allows users to send encrypted data everywhere on the cloud, you can operate on it in any way you want, and finally you can still decrypt it.

At present, there are still strict restrictions on the operations that can be performed on encrypted data, because some operations may make a mess of data and thus cannot be decrypted.

Why is this a problem? Because you want to process encrypted data as long as possible without restoring it to a simple visible format. In this way, you do not need to spend time on keys, or, even worse, provide these keys to those you cannot confirm whether they are trusted.

The problem with the IBM study was that they could not confirm that they had resolved the problem. Bruce Schneier, a long-standing authority, pointed out that their work is theoretically impressive but completely impractical.

In any case, IBM has found the pivot to push this forward.

Finally, I would like to recommend you a good article, George Reese's 20 Amazon cloud security rules. The main point of this article is to "encrypt everything" and only use the decryption key on the surface of your simple instance.