The Problems with Encrypting Data in the Cloud

Cloud security is gaining a renewed focus, now that Apple founder Steve Wozniak has issued a stern warning about Cloud security risks. In response, numerous vendors have lined up to say that if you’re concerned about the security of your data in the Cloud, the simple solution is to encrypt them. In fact, there’s a new crop of Cloud gateways — appliances that go in your corporate DMZ and encrypt all traffic to the cloud, decrypting it on the way back. So, you can encrypt all your data in the Cloud with nobody being the wiser. What could be simpler?

There remain two central problems with encryption in the Cloud. The first is key management. It is absolutely essential that you maintain your private keys on premises, because if you put your private key in the Cloud, all a hacker needs to do is steal it, since you can’t encrypt your private key. The good news here is that there’s no requirement that you put your private keys in the Cloud or use your Cloud provider’s private key. But relying upon your Cloud provider to manage a private key for you is like locking your valuables in a hotel room. They are as secure as the maids are honest.

But even if you maintain your private keys on premises, there’s still a problem with encrypting all your data in the Cloud: you can’t do anything with them (other than store them and move them around) as long as they’re encrypted. If you want to get any value from those data, you must either decrypt them in the Cloud or pull them back to your on-premises environment for processing. (There are technologies for working with encrypted data while they’re still encrypted, but those approaches aren’t ready for prime time yet.)

If all you want to use the Cloud for is to store your data, then this limitation isn’t a problem for you. Sometimes, however, you’re required to actually do something with your data. For example, HIPAA healthcare regulations allow for putting data in the Cloud as long as they’re secure, but the regulation also requires making the data available for statistical analysis (say, for nipping epidemics in the bud), and there’s no practical way to perform such analysis in the Cloud without decrypting the data first.
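The gateway arrangement and its limitation, sketched in Go as an added example (not code from the original article or from any vendor): the key stays in the on-premises process, and the provider, holding only the stored blob, cannot find a term inside it. `Gateway`, `Seal`, `Open` and `CloudCanFind` are hypothetical names; AES-256-GCM with a symmetric key, and binding the object name as associated data, are assumptions, since the article names no cipher.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Gateway models the on-premises appliance; the key never leaves this process.
type Gateway struct{ aead cipher.AEAD }

func NewGateway(key []byte) (*Gateway, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	return &Gateway{aead}, err
}

// Seal encrypts on the way out; the object name is authenticated with the data.
func (g *Gateway) Seal(name string, plain []byte) []byte {
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no randomness: refuse to encrypt
	}
	return g.aead.Seal(nonce, nonce, plain, []byte(name)) // nonce || ciphertext || tag
}

// Open decrypts on the way back, rejecting modified or renamed blobs.
func (g *Gateway) Open(name string, blob []byte) ([]byte, error) {
	if n := g.aead.NonceSize(); len(blob) >= n {
		return g.aead.Open(nil, blob[:n], blob[n:], []byte(name))
	}
	return nil, fmt.Errorf("blob shorter than nonce")
}

// CloudCanFind is all the provider can do without the key: scan stored bytes.
func CloudCanFind(blob []byte, term string) bool { return bytes.Contains(blob, []byte(term)) }

func main() {
	gw, err := NewGateway(bytes.Repeat([]byte{0x42}, 32)) // constructed demo key
	if err != nil {
		panic(err)
	}
	blob := gw.Seal("rec1", []byte("patient=1001;dx=influenza")) // constructed record
	fmt.Println("provider can find term:", CloudCanFind(blob, "influenza"))
}
```

Any analysis over the record has to happen where `Open` can run, which is on the key holder's side of the gateway.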

The Cloud’s security failings may be overblown, and on-premises environments and Private Clouds have their own security issues as well, but it’s important to understand just what security the Cloud does — and more importantly, does not — offer. Do I agree with the Woz? More or less, but even more important: I believe it was a good thing he expressed this opinion, if only to solicit defensive responses from Cloud security vendors.
