Cloud computing Security: The pros and cons of cloud encrypted data

With the spread of cloud computing, businesses are storing more and more of their core businesses and important data in the cloud, but companies are increasingly worried about data stored in the cloud. At this point, more cloud encryption service providers have sprung up.

Many studies have shown that there is a big divergence between cloud service providers and their customers about who should be responsible for the security of customer data: Suppliers put their responsibilities in the hands of customers, but customers generally disagree. According to a survey conducted by the Ponemon Institute last year, seven of the 10 cloud service providers gave customers the security responsibility for their data, and only 30% of the customers agreed.

Pravin Kothari, CEO and founder of Cloud security provider CipherCloud, said, "The supplier is not responsible, and if you host the data in a cloud environment, you have no visibility to the cloud provider and no control over the data." ”

No wonder cloud encryption vendors are becoming more popular. By encrypting data, customers can ensure that their information is secure, even in the event of a data leak, and can be kept secret from the cloud service provider. For example, CipherCloud uses a Web proxy server to encrypt data on the road to a supported software, such as Salesforce, and other vendors encrypt applications that run on the platform, the service environment, Others focus on the data or cryptographic infrastructure that serves in the encrypted cloud store.

"The problem lies mainly in trust and data control, especially static data," says Ays Gilad Parann-nissany, CEO and co-founder of Porticor. ”

Cloud services are growing rapidly, and security services designed to encrypt cloud data are evolving.

As companies move from software to services to infrastructure-services, technology and solutions are becoming more sophisticated, says Dan Blum, a vice president at Gartner, who is also a leading analyst, said that cloud storage encryption is the most sophisticated solution, and that cloud-specific application encryption is a drunk book.

The key is management

The best solution is those that allow customers to control the key or part of the key, by controlling the key, customers can control access to the data, and even prevent the cloud service provider access to data.

"If all the information is encrypted and is done through a key that is controlled by the client, it is safe to see that the key is not visible to the cloud administrator," says Blum. ”

Porticor's Gilad says that securely encrypting data is not a technical barrier to cloud security services, and the difficulty is finding a way to securely manage keys.

"In this era, any developer knows how to encrypt data, but where do you keep the encryption key?" he says. ”

It is not safe for some vendors to keep their keys in the same cloud environment as the data. Other vendors outsource keys to third parties, and vendors let customers manage their keys themselves. Porticor uses a hybrid approach, somewhat similar to a bank's safe, where the bank holds a key and the customer holds another key. This technology enables customers to ensure the confidentiality of their data while simplifying key management.

Let encryption become available

However, encrypting cloud data also poses some problems:

Blum of Gartner says that using data encryption in software as a service can limit the availability of searches for fields that contain encrypted data, because powerful encryption does not preserve the properties of the original plain text. If the name field is encrypted, searching for a similar name in the client database will not be implemented.

"If you want the ability to search and index, you have to weaken the encryption or increase the data transfer to achieve it," says Blum. ”

Some companies have found ways to allow search, for example, customers can search for exact matches of one or more fields, decrypt all matching records locally, and refine the search.

Another potential problem is that software, or service providers, may want to access customer data, especially user-oriented services that employees bring into the workplace, such as social networks. Cryptographic providers encrypt social network postings, allowing customers to control access to data, which social media companies may see as a threat because the user's posts are their interests.

"If we think social networking is not a toy, but a real utility, then it will require a more secure, more manageable and communicative mechanism," said Steven Sprague, chief executive of Wave Bae. Companies that have been exposed to data leaks through social networking sites may well agree.