Cloud computing security: Good and bad data encryption

Source: Internet
Author: User
Many studies have shown a wide gap between cloud service providers and their customers over who should be responsible for the security of customer data: providers place the responsibility on customers, but customers generally disagree. According to a survey conducted by the Ponemon Institute last year, seven out of 10 cloud service providers assigned responsibility for the security of the data to their customers, while only 30% of customers agreed.

"The supplier is not responsible, and if you host the data in a cloud environment, you have no visibility into the cloud provider and no control over the data," said Pravin Kothari, chief executive and founder of cloud security provider CipherCloud.

No wonder cloud encryption vendors are becoming increasingly popular. By encrypting data, customers can ensure that their information stays secure even in the event of a data leak, and can keep it secret from the cloud service provider. For example, CipherCloud uses a web proxy server to encrypt data on its way to a supported software-as-a-service application, such as Salesforce. Other vendors encrypt applications that run in platform-as-a-service environments, and others focus on the data or cryptographic infrastructure behind encrypted cloud storage.

"The problem lies mainly in trust and data control, especially static data," says Gilad Parann-Nissany, chief executive and co-founder of Porticor.

Cloud services are growing rapidly, and security services designed to encrypt cloud data are evolving.

As businesses move from software as a service to infrastructure as a service, the technology and solutions become more sophisticated, says Dan Blum, a Gartner vice president and well-known analyst. Cloud storage encryption is the most sophisticated solution, he says, while application encryption in specific areas of the cloud is still lagging behind.

The key is management

The best solutions are those that allow customers to control the key, or part of the key. By controlling the key, customers can control access to the data and even prevent the cloud service provider from accessing it.

"If all the information is encrypted and is done through a key that is controlled by the client, it is safe to see that the key is not visible to the cloud administrator," says Blum.

Porticor's Gilad says that securely encrypting data is not the technical barrier for cloud security services; the difficulty is finding a way to manage the keys securely.

He said, "In this era, any developer knows how to encrypt data, but where do you keep your encryption key? It's not that simple."

Some vendors keep the keys in the same cloud environment as the data, which is not safe. Other vendors outsource the keys to third parties, and still others let customers manage their keys themselves. Porticor uses a hybrid approach, somewhat similar to a bank's safe-deposit box, where the bank holds one key and the customer holds another. This approach lets customers ensure the confidentiality of their data while simplifying key management.

Making encryption usable

However, encrypting cloud data also poses some problems:

Gartner's Blum says that using data encryption in software as a service restricts its usability: fields that contain encrypted data cannot be searched in the usual way, because strong encryption does not preserve the properties of the original plaintext. If the name field is encrypted, searching the customer database for similar names will not work.

Blum said: "If you want the ability to search and index, you have to weaken encryption or increase data transmission in order to achieve it."

Some companies have found a way to allow search. For example, customers can search for an exact match on one or more fields, decrypt all matching records locally, and then refine the search.
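
The exact-match approach described above, sketched in Python as an added example (not code from the article or from any vendor it names). The key names, record layout and sample records are constructed, and the HMAC-based stream cipher is a stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, json, secrets

ENC_KEY = secrets.token_bytes(32)   # constructed keys, held only by the customer
MAC_KEY = secrets.token_bytes(32)
IDX_KEY = secrets.token_bytes(32)

def _xor_stream(key, nonce, data):
    # Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for AES-GCM.
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)

def encrypt(record):
    nonce = secrets.token_bytes(16)   # fresh nonce: equal plaintexts encrypt differently
    body = _xor_stream(ENC_KEY, nonce, json.dumps(record).encode())
    tag = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified")
    return json.loads(_xor_stream(ENC_KEY, nonce, body))

def token(value):
    # Deterministic keyed token: supports equality lookups, and leaks equality.
    return hmac.new(IDX_KEY, value.strip().lower().encode(), hashlib.sha256).hexdigest()

def upload(store, record):
    # The provider-side store sees only a token and an opaque blob.
    store.append({"last_tok": token(record["last"]), "blob": encrypt(record)})

def search(store, last, first_prefix=""):
    hits = [row["blob"] for row in store if row["last_tok"] == token(last)]  # provider side
    people = [decrypt(blob) for blob in hits]                                # customer side
    return [p for p in people if p["first"].lower().startswith(first_prefix.lower())]

def demo():
    store = []
    for first, last in [("Ann", "Smith"), ("Andrew", "Smith"), ("Bob", "Smith"), ("Ann", "Smyth")]:
        upload(store, {"first": first, "last": last})
    return store, search(store, "smith", "an")
```

The deterministic token is the weakening Blum describes: the provider can tell which records share a last name, though not what the name is. A search for "Smit" returns nothing, because only exact matches on the indexed field are possible.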


  


Another potential problem is that software-as-a-service providers may want to access customer data, especially user-oriented services that employees bring into the workplace, such as social networking. Encryption providers that encrypt social network postings allow customers to control access to the data, which social media companies may see as a threat because users' posts are where their interests lie.

"If we think social networking is not a toy, but a real utility, it will require a more secure, easier to control and communicate mechanism," Wave Systems CEO Steven Sprague said. Companies that have been exposed to data leaks through social networking sites may well agree.