The Lighter Side Of The Cloud – A Close Call
The Lighter Side Of The Cloud – Company Strategy
The Lighter Side Of The Cloud – Accessories
Why NSA Revelations Will Be Good For Cloud Security

Why NSA Revelations Will Be Good For Cloud Security

Why NSA Revelations Will Be Good For Cloud Security

Edward Snowden’s recent disclosures, including concerns about the NSA’s ability to break certain types of encryption, and the extent of surveillance on cloud service providers, put the entire cloud industry into an uproar.
The bad news is that this has eroded companies’  trust that their data can be secure in the cloud. In fact, industry analysts are predicting that these disclosures will cost US cloud service providers between $22 and $35 billion in revenue by 2016.

But there is light at the end of this tunnel, and what will emerge is a safer, more resilient cloud.

Is Encryption Dead?

In short, no. Expert cryptographer and author of the book “Practical Cryptography,” Bruce Schneier, recently blogged: “Whatever the NSA has up its top-secret sleeves, the mathematics of cryptography will still be the most secure part of any encryption system. I worry a lot more about poorly designed cryptographic products, software bugs, bad passwords, companies that collaborate with the NSA to leak all or part of the keys, and insecure computers and networks. Those are where the real vulnerabilities are, and where the NSA spends the bulk of its efforts.”

Even Snowden has also commented, “Properly implemented strong crypto systems are one of the few things that you can rely on.”

Consequently, we will see continued adoption of encryption technologies in the cloud to protect data in transit and at rest in these shared storage infrastructures.

Encryption will evolve

The evolution of encryption algorithms is nothing new. In recent years, as compute power gets stronger, we’ve seen the migration from DES, to 3DES, to AES-128/256. These longer key lengths are the ‘math’ that prevents computer systems from being able to ‘guess’ an encryption key.  The good news here is that as computer systems get more powerful, they can leverage encryption with longer key lengths easily, without degrading performance.

Further, encryption standards are approved by independent bodies like the National Institute of Standards and Technology (NIST), and are put up for extensive public review before they are published. While those who lean toward conspiracy theories hint at intentional ‘backdoors’ built into these algorithms that can be exploited by the NSA or others, it’s highly unlikely these wouldn’t be found during the review process. These reviews will continue to play a critical role as encryption technologies adapt in the future. Furthermore, the details and implementation of encryption algorithms, such as AES, are public domain.

The Importance of Key Management

If you use AES encryption with a 256-bit key strength, but your encryption system only uses an eight-character password to access those keys, then you effectively have reduced the strength of your encryption key significantly, since a hacker must only guess your password, instead of the actual key. This is why managing and storing these keys securely is so critical.

Threats from Abroad

Data has become a treasure trove, and the cloud can make an even sweeter target. You can be sure that if the NSA is interested in your data, others are as well. Make sure you clearly understand your cloud service provider’s (CSP) service level agreements, particularly as related to security measures. The cloud will become too cost effective to avoid for most organizations, so continued pressure from cloud clients will be the best way to gain security improvements.

Bring your own security

While many CSPs – like Google – have introduced encryption in their cloud offerings, you still need to look a bit deeper. Google’s encryption may protect you from a hacker who manages to get access to their infrastructure, but it won’t prevent Google from giving your data to the Feds. To be sure you are the only one with access to your data, use strong encryption with a good key management system, and make sure YOU keep the keys, not your CSP.

Summary

You can use the cloud, but remember that security is ultimately your responsibility.

  • Encrypt any data you put in the cloud that you want to be private.
  • Use strong crypto (for example one utilizing AES-256, RSA-2048) to protect the data.
  • Use a strong key management solution that supports multi-tenancy, strong separation and audit of administrative roles.
  • Use a key management system that you retain outside of your CSP, and that is independent of your provider.

steve-pate

By Steve Pate

Steve Pate, co-founder and CTO of HighCloud Security, has more than 25 years of experience in designing, building, and delivering file system, operating system, and security technologies, with a proven history of converting market-changing ideas into enterprise-ready products. Before HighCloud Security, he built and led teams at ICL, SCO, VERITAS, HyTrust, Vormetric, and others. Steve has published two books on UNIX kernel internals and UNIX file systems. He earned his bachelor’s in computer science from the University of Leeds.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

2 Responses to Why NSA Revelations Will Be Good For Cloud Security

  1. I guess, that many foreign but also american customers will start to rethink, whether they will use cloud services located in the US. The migration to services located abroad already started since I read everywhere that developers rethink their personal strategy where they store their data and I believe that those personal decisions will also have a long term effect on their companies strategy they influence. Rackspace, Amazon etc are dead meat on the long run.

  2. One first step to building a security posture with the cloud and today’s converged infrastructure is that there is little to know privacy. We are insecure. That sets the stage for a proactive stance of Observe –> Orient –> Decide –> and Act. –http://bit.ly/paul_calento

Popular Archives

5 Considerations You Need To Review Before Investing In Data Analytics

5 Considerations You Need To Review Before Investing In Data Analytics

Review Before Investing In Data Analytics Big data, when handled properly, can lead to big change. Companies in a wide variety of industries are partnering with data analytics companies to increase operational efficiency and make evidence-based business decisions. From Kraft Foods using business intelligence (BI) to cut customer satisfaction analysis time in half, to a…

Cloud Infographic – Monetizing Internet Of Things

Cloud Infographic – Monetizing Internet Of Things

Monetizing Internet Of Things There are many interesting ways in which companies are looking to connect devices to the cloud. From the vehicles to kitchen appliances the internet of things is already a $1.9 trillion dollar market based on research estimates from IDC. Included is a fascinating infographic provided by AriaSystems which shows us some of the exciting…

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring

Internet Of Things – Industrial Robots And Virtual Monitoring One of the hottest topics in Information and Communication Technology (ICT) is the Internet of Things (IOT). According to the report of International Telecommunication Union (2012), “the Internet of things can be perceived as a vision with technological and societal implications. It is considered as a…

Three Factors for Choosing Your Long-term Cloud Strategy

Three Factors for Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

4 Different Types of Attacks – Understanding the “Insider Threat”

4 Different Types of Attacks – Understanding the “Insider Threat”

Understanding the “Insider Threat”  The revelations that last month’s Sony hack was likely caused by a disgruntled former employee have put a renewed spotlight on the insider threat. The insider threat first received attention after Edward Snowden began to release all sorts of confidential information regarding national security. While many called him a hero, what…

Recent

Considerations For Your Business’ Cloud Computing Plans

Considerations For Your Business’ Cloud Computing Plans

Your Business’ Cloud Computing Plans While you can easily access your cloud data from any spot in the world, you must be rather cautious when using it within your business. You must keep your access plans for your cloud network in check so you will not be at risk of having your data becoming compromised…

Gartner: CEOs Realize The Cloud Is Where New Disruptive Industry Platforms Get Created

Gartner: CEOs Realize The Cloud Is Where New Disruptive Industry Platforms Get Created

Gartner CEO and Senior Business Executive Survey Survey Points to Positive Business Conditions and Accelerating Technology Innovation in 2015 STAMFORD, Conn., April 21, 2015 — Most CEOs expect positive business conditions and accelerating technology innovation in 2015, according to a recent survey by Gartner, Inc. The 2015 Gartner CEO and senior business executive survey found…

The Importance Of Cloud Security For Wearable Technology

The Importance Of Cloud Security For Wearable Technology

Wearable Technology Starts With Cloud Security The integration of wearable technology into our society is all but inevitable. Today, major players in the wearable tech field include Google, Fitbit, Boston Scientific and Apple. As users continue to demand ever increasing availability and functionality from their devices, so do security concerns for wearable tech. The future…

Contact Us

Sending

Technology Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7 200px-KPMG

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising