Why NSA Revelations Will Be Good For Cloud Security

Why NSA Revelations Will Be Good For Cloud Security

Why NSA Revelations Will Be Good For Cloud Security

Edward Snowden’s recent disclosures, including concerns about the NSA’s ability to break certain types of encryption, and the extent of surveillance on cloud service providers, put the entire cloud industry into an uproar.
The bad news is that this has eroded companies’  trust that their data can be secure in the cloud. In fact, industry analysts are predicting that these disclosures will cost US cloud service providers between $22 and $35 billion in revenue by 2016.

But there is light at the end of this tunnel, and what will emerge is a safer, more resilient cloud.

Is Encryption Dead?

In short, no. Expert cryptographer and author of the book “Practical Cryptography,” Bruce Schneier, recently blogged: “Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.”

Even Snowden has also commented, “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Consequently, we will see continued adoption of encryption technologies in the cloud to protect data in transit and at rest in these shared storage infrastructures.

Encryption will evolve

The evolution of encryption algorithms is nothing new. In recent years, as compute power gets stronger, we’ve seen the migration from DES, to 3DES, to AES-128/256. These longer key lengths are the ‘math’ that prevents computer systems from being able to ‘guess’ an encryption key.  The good news here is that as computer systems get more powerful, they can leverage encryption with longer key lengths easily, without degrading performance.

Further, encryption standards are approved by independent bodies like the National Institute of Standards and Technology (NIST), and are put up for extensive public review before they are published. While those who lean toward conspiracy theories hint at intentional ‘backdoors’ built into these algorithms that can be exploited by the NSA or others, it’s highly unlikely these wouldn’t be found during the review process. These reviews will continue to play a critical role as encryption technologies adapt in the future. Furthermore, the details and implementation of encryption algorithms, such as AES, are public domain.

The Importance of Key Management

If you use AES encryption with a 256-bit key strength, but your encryption system only uses an eight-character password to access those keys, then you effectively have reduced the strength of your encryption key significantly, since a hacker must only guess your password, instead of the actual key. This is why managing and storing these keys securely is so critical.

Threats from Abroad

Data has become a treasure trove, and the cloud can make an even sweeter target. You can be sure that if the NSA is interested in your data, others are as well. Make sure you clearly understand your cloud service provider’s (CSP) service level agreements, particularly as related to security measures. The cloud will become too cost effective to avoid for most organizations, so continued pressure from cloud clients will be the best way to gain security improvements.

Bring your own security

While many CSPs – like Google – have introduced encryption in their cloud offerings, you still need to look a bit deeper. Google’s encryption may protect you from a hacker who manages to get access to their infrastructure, but it won’t prevent Google from giving your data to the Feds. To be sure you are the only one with access to your data, use strong encryption with a good key management system, and make sure YOU keep the keys, not your CSP.

Summary

You can use the cloud, but remember that security is ultimately your responsibility.

  • Encrypt any data you put in the cloud that you want to be private.
  • Use strong crypto (for example one utilizing AES-256, RSA-2048) to protect the data.
  • Use a strong key management solution that supports multi-tenancy, strong separation and audit of administrative roles.
  • Use a key management system that you retain outside of your CSP, and that is independent of your provider.

steve-pate

By Steve Pate

Steve Pate, co-founder and CTO of HighCloud Security, has more than 25 years of experience in designing, building, and delivering file system, operating system, and security technologies, with a proven history of converting market-changing ideas into enterprise-ready products. Before HighCloud Security, he built and led teams at ICL, SCO, VERITAS, HyTrust, Vormetric, and others. Steve has published two books on UNIX kernel internals and UNIX file systems. He earned his bachelor’s in computer science from the University of Leeds.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

2 Responses to Why NSA Revelations Will Be Good For Cloud Security

  1. I guess, that many foreign but also american customers will start to rethink, whether they will use cloud services located in the US. The migration to services located abroad already started since I read everywhere that developers rethink their personal strategy where they store their data and I believe that those personal decisions will also have a long term effect on their companies strategy they influence. Rackspace, Amazon etc are dead meat on the long run.

  2. One first step to building a security posture with the cloud and today’s converged infrastructure is that there is little to know privacy. We are insecure. That sets the stage for a proactive stance of Observe –> Orient –> Decide –> and Act. –http://bit.ly/paul_calento

Comics

At CloudTweaks, we're plugged into the cloud, the internet of things and all that the web has to offer. From wearable technology, to mobile computing, cloud computing and big data, CloudTweaks is your source for updates and news on the most innovative technology.

Popular

Top Viral Impact

Cloud Infographic: Cloud Computing Growth

Cloud Infographic: Cloud Computing Growth

An excellent infographic provided by AwesomeCloud which predicts a continued high level of growth in the cloud computing industry. Potentially staggering numbers for Public Cloud IT Services of $100 Billion by 2016. Infographic Source: AwesomeCloud About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the…

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic – The Internet Of Things In 2020

Cloud Infographic –  The Internet Of Things In 2020 The growing interest in the Internet of Things is amongst us and there is much discussion. Attached is an archived but still relevant infographic by Intel which has produced a memorizing snapshot at how the number of connected devices have exploded since the birth of the…

Big Data Analytics Adoption

Big Data Analytics Adoption

Big Data Analytics Adoption Big Data is an emerging phenomenon. Nowadays, many organizations have adopted information technology (IT) and information systems (IS) in business to handle huge amounts of data and gain better insights into their business. Many scholars believe that Business Intelligence (BI), solutions with Analytics capabilities, offer benefits to companies to achieve competitive…

IBM and SAP Announce Industry’s Largest Cloud Deal

IBM and SAP Announce Industry’s Largest Cloud Deal

IBM and SAP Announce Industry’s Largest Cloud Deal IBM and SAP have shaken the cloud computing world this afternoon with the announcement of one of the largest cloud deals in the industry’s history – bringing together two of the largest technology companies in a bid to offer a more holistic service to their clients. SAP…

Featured Sponsors

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud: Air Traffic Control For Your Customer

Salesforce Service Cloud One of the greatest benefits of the increasingly reliable and ubiquitous state of cloud technology is the removal of business silos and the consolidation of information flow, both in-house and on the road. This is of particular importance to the many different types of professionals whose work involves customer relationship management (CRM).…

Sponsors

Built For The Cloud vs. Adapting To The Cloud

Built For The Cloud vs. Adapting To The Cloud

Built For The Cloud vs. Adapting To The Cloud It may just sound like semantics, but there is a real difference between something that was “built for” versus “adapted to.” Would you rather buy a house that was “designed for” energy efficiency or one that was “adapted to” be energy efficient? “Built for” describes a…

Placement Opportunities - Find Out!

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

You can help continue to support our community by social sharing, sponsoring, partnering or contributing to this great educational resource.

Contact

CloudTweaks Media
Phone: 1 (212) 763-0021

Join Our Newsletter