Encryption is our primary tool for providing data confidentiality, an essential requirement for many Cloud Computing applications. However, as I discussed in the previous blog post, encryption is not a perfect approach. But why stop there? Let’s take another pot shot.
Data availability is not generally on the list of Cloud security concerns, but if your security gets in the way of your data availability, then you have a problem. The most obvious risk here is losing your private key. Perhaps a failed hard drive is the culprit, or more likely, a simple human error leads to the corruption or loss of your private key. Now all the data you used that key for are gone. You’re still paying to store them in the Cloud, but for naught — you may as well be storing so many rocks.
And what about your backups? A backup (cloud backup or otherwise) is only as good as your ability to restore your data from the backup. Anyone who has dug out that old backup tape to find it’s unreadable knows that the most conscientious backup routine on the planet amounts to bupkus if you can’t restore from backup.
So, what if you’re backing up data in encrypted form in the Cloud? Many months later, say you must restore some day’s backed up data. Only it’s encrypted. With an older key. You religiously rotate your private keys (an information security best practice). So which key did you use last June 23rd? And where is it? If you can’t find it, then bye-bye backup.