The Problems with Encrypting Data in the Cloud


Cloud security is gaining a renewed focus, now that Apple founder Steve Wozniak has issued a stern warning about Cloud security risks. In response, numerous vendors have lined up to say that if you’re concerned about the security of your data in the Cloud, the simple solution is to encrypt them. In fact, there’s a new crop of Cloud gateways — appliances that go in your corporate DMZ and encrypt all traffic to the cloud, decrypting it on the way back. So, you can encrypt all your data in the Cloud with nobody being the wiser. What could be simpler?

There remain two central problems with encryption in the Cloud. The first is key management. It is absolutely essential that you maintain your private keys on premise, because all a hacker needs to do if you put your private key in the Cloud is steal it — since you can’t encrypt your private key. The good news here is that there’s no requirement that you put your private keys in the Cloud or use your Cloud provider’s private key. But relying upon your Cloud provider to manage a private key for you is like locking your valuables in a hotel room. They are as secure as the maids are honest.

But even if you maintain your private keys on premise, there’s still a problem with encrypting all your data in the Cloud: you can’t do anything with them (other than store them and move them around) as long as they’re encrypted. If you want to get any value from those data, you must either decrypt them in the Cloud or pull them back to your on-premise environment for processing. (There are technologies for working with encrypted data while they’re still encrypted, but those approaches aren’t ready for prime time yet.)

If all you want to use the Cloud for is to store your data, then this limitation isn’t a problem for you. But sometimes you’re required to actually do something with your data. For example, HIPAA healthcare regulations allow for putting data in the Cloud as long as they’re secure. The regulation also requires making the data available for statistical analysis (say, for nipping epidemics in the bud), yet there’s no practical way to perform such analysis in the Cloud without decrypting the data first.
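The gateway model and its limitation, as an added Go example that is not part of the original post: the key stays in the on-premise process, the provider's store (modelled here as a map) only ever holds AES-256-GCM blobs, and counting a diagnosis means pulling every record back and decrypting it. The function names, record names and diagnosis strings are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newAEAD builds AES-256-GCM from a key that never leaves the premises.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is the outbound path: nonce||ciphertext||tag, object name bound as AAD.
func seal(a cipher.AEAD, name string, plain []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	_, err := rand.Read(nonce) // fresh random nonce per object; check err before use
	return a.Seal(nonce, nonce, plain, []byte(name)), err
}

// open is the inbound path; it rejects tampered, swapped or truncated blobs.
func open(a cipher.AEAD, name string, blob []byte) ([]byte, error) {
	if n := a.NonceSize(); len(blob) >= n {
		return a.Open(nil, blob[:n], blob[n:], []byte(name))
	}
	return nil, fmt.Errorf("object %q is truncated", name)
}

// countOnPremise must pull back and decrypt every record before it can count.
func countOnPremise(a cipher.AEAD, cloud map[string][]byte, dx string) (hits int, err error) {
	for name, blob := range cloud {
		if plain, err := open(a, name, blob); err != nil {
			return 0, err
		} else if string(plain) == dx {
			hits++
		}
	}
	return hits, nil
}

func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	blob, _ := seal(a, "r1", []byte("flu"))
	fmt.Println(countOnPremise(a, map[string][]byte{"r1": blob}, "flu"))
}
```

Binding the object name as associated data means a provider-side swap of two blobs is detected at decryption time, even though the provider cannot read either one.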

The Cloud’s security failings may be overblown, and on-premise environments and Private Clouds have their own security issues as well, but it’s important to understand just what security the Cloud does — and more importantly, does not — offer. Do I agree with the Woz? More or less, but even more important: I believe it was a good thing he expressed this opinion, if only to solicit defensive responses from Cloud security vendors.
