Cryptography in the Cloud – What You Need to Know
Cloud technology has rapidly been adopted by organizations of all sizes – from Fortune 500 corporations to plucky start-ups. And no wonder. By eliminating, or greatly reducing, the need to store applications on in-house servers, the start-up can successfully compete on the Fortune 500 corporations’ playing field. However, the risk of data theft or compromise in the cloud environment always looms near – which is why an increasing number of organizations are also implementing cryptography protocols to provide essential data security.
Cloud technology, cryptography, and security
Various approaches are used to extend cryptography to cloud data. One approach is to encrypt the data before uploading it to the cloud. This method is advantageous because the data is encrypted before it leaves the company environment, and the data can only be decrypted by authorized staff members who have access to the decryption keys.
Other cloud storage services can encrypt data when they receive it, which ensures the data they store and transmit is protected by encryption by default. While some cloud providers offer encryption natively, others allow “bring your own” encryption. Though the data encryption occurs in the cloud provider’s environment, customers must maintain control of the keys that keep their data secure.
Even if a cloud service does not offer encryption capabilities, it should use encrypted connections such as SSL/TLS or HTTPS to make sure that data is protected in transit. A complete platform for cloud security and encryption should provide robust access controls and key management capabilities.
How cryptography keeps your data secure
Cryptography expert Ralph Spencer Poore explained in an interview with Bank Info Security that because it is not possible to physically control the storage of information in the cloud, the best way to ensure data protection both in motion and at rest is to store it cryptographically, with users maintaining control of the cryptographic keys.
Poore discussed the unique challenges that need to be addressed before selecting a cloud provider. For example, cryptographic implementations can carry jurisdictional limitations and potential liability issues, because the cloud can span international borders and most nations treat cryptographic technology as a restricted category. This is of greater importance since the European Union General Data Protection Regulation (GDPR) took effect on May 25 of this year.
There are two types of encryption: symmetric and asymmetric. Described in basic terms, symmetric encryption uses a single key that needs to be shared among the people who need to receive the message, while asymmetric encryption uses a public key and a private key to encrypt and decrypt messages when communicating. Symmetric encryption is an old technique, while asymmetric encryption is relatively new.
Cryptography and key management
Key management is the management of cryptographic keys in a cryptosystem, which includes the generation, use, storage, destruction and replacement of keys. Key management includes cryptographic protocol design, key servers, user procedures, and other relevant protocols. It concerns keys at the user level, either between users or between systems.
As an increasing number of businesses move their sensitive data to IaaS, PaaS, SaaS, and other cloud service provider environments, strong encryption key management has become more essential than ever before. Key management solutions exist for traditional cloud services and SaaS, as well as for public cloud services.
Businesses are now spending billions of dollars on SaaS offerings around the world. Several SaaS providers offer encryption for their powerful applications, but keeping your sensitive data secure is ultimately your responsibility, and you can do it with key management in compliance with data security and privacy mandates. Separating data from keys is a must for many compliance mandates and is also recommended by the Cloud Security Alliance as a security best practice.
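The pieces described above (encrypting before upload, symmetric and asymmetric keys, and keeping keys separate from data) fit together as envelope encryption. The following is an added example, not code from this article or from DocuServe; it assumes the third-party Python `cryptography` package, and the function names, object name and sample document are hypothetical.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256, used only to wrap the small symmetric data key.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def encrypt_for_upload(plaintext: bytes, object_name: str, public_key) -> dict:
    """Encrypt locally; the returned record is all the cloud provider stores."""
    data_key = AESGCM.generate_key(bit_length=256)  # fresh symmetric key per object
    nonce = os.urandom(12)                          # 96-bit GCM nonce, used once
    # The object name is bound in as associated data, so a ciphertext copied
    # onto a different object name fails authentication on decrypt.
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, object_name.encode())
    return {
        "name": object_name,
        "nonce": nonce,
        "ciphertext": ciphertext,
        # Asymmetric wrap: only the private-key holder can recover data_key.
        "wrapped_key": public_key.encrypt(data_key, OAEP),
    }


def decrypt_after_download(record: dict, private_key) -> bytes:
    """Runs only where the private key lives (kept apart from the stored data)."""
    data_key = private_key.decrypt(record["wrapped_key"], OAEP)
    return AESGCM(data_key).decrypt(record["nonce"], record["ciphertext"],
                                    record["name"].encode())


def demo() -> bytes:
    # Constructed sample: the key pair is generated in memory for the demo only;
    # in practice the private key would sit in an HSM or key management service.
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    record = encrypt_for_upload(b"Q3 payroll export", "hr/payroll-q3.csv",
                                private_key.public_key())
    return decrypt_after_download(record, private_key)


if __name__ == "__main__":
    print(demo())
```

The uploading side needs only the public key, so a compromised upload host or storage bucket exposes ciphertext and wrapped keys but nothing that decrypts them.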
Keeping your company’s data secure in the cloud need not be a daunting task. DocuServe is a cloud-based digital data protection company providing services that include cloud-based document management, content encryption and distribution, and digital media replication and encryption. Contact us for secure, cloud-based content distribution and protection.