Encrypting Your Cloud Data For Extra Protection

Encrypting Your Cloud Data

Encrypting data is one of the best ways of protecting your data as it moves to the cloud. The only thing better than encrypting your data is not storing it at all.

Let’s first look at the case of using file sharing applications such as Dropbox. If you are the only user of the files you store there, you can encrypt these files, or entire folders, with tools such as 7-zip or TrueCrypt before you move them to the cloud service.

However, it is likely that you want to share the files with somebody else. That means that these people should have the same encryption software and have access to the keys. So you have to figure out how to share the keys safely and protect them as you store them.

The hard thing about using encryption is therefore not so much the technology (although ‘under the hood’ encryption is really complicated); the hard thing is to understand what it protects against, and what new risks encryption brings. Then you can start deciding where you encrypt, where you store your encrypted data, and how you are going to store and manage the encryption keys.

Peeking Inside

In the file sharing example, you encrypt to protect your data as it is ‘at rest’ at the cloud provider. You may trust the cloud provider, but you may want to prevent a search warrant forcing the provider to surrender your data. The encrypted data is stored on your own laptop or computer and at the file sharing service provider. The keys could be memorized or written down. Losing those keys is a new risk, by the way.

For a different example, let’s have a look at an enterprise customer relationship management system such as Salesforce. The data at rest includes a lot of customer data, which might raise privacy concerns.

Encryption Solutions

So in order to protect that, you might want to prevent that data from going to the cloud unencrypted. There are a number of solutions on the market for that. One solution involves a separate cloud provider who filters all your CRM traffic and replaces customer data with encrypted customer data. When you then access that data, it will be decrypted by the same encryption provider. You still need to put some trust in the encryption provider, but they will no longer store your unencrypted data, so the risk of any loss of data at rest there is pretty small.

Now if you are a software developer, you might be using Infrastructure as a Service. That means your software runs on a virtual machine at a cloud provider. What kind of risks do you have there that encryption might be able to reduce?

To start with, your virtual machine has a virtual disk on which your data is stored. Of course, there is the risk that the staff of your cloud provider could access that. More realistically, that disk could be cloned by an insider and taken away for further inspection.

Risk Assessment

That risk can be addressed by encrypting the hard disk in the operating system, very much in the same way as you can encrypt the hard disk of your laptop. In most operating systems this is fairly easy. The biggest remaining issue is how to get the encryption key to the virtual machine as it boots up. That can be done, but it’s a little outside the scope of this article.

So far we have looked at data at rest. We should also look at data in motion. That’s a bit easier. An example of protecting data in motion is through using HTTPS for web traffic. Other cases of data in motion are file transfers such as with FTP and terminal traffic using Telnet. These are really old protocols that don’t encrypt anything, not even passwords. It is best to get rid of these as soon as possible and start using SFTP and SSH. You guessed it, the letter “S” in these protocol names stands for “Secure”.
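To find out where these old protocols are still in use, you can check which services a machine is listening on. The following is an added example, not part of the original article: it scans the output of `ss -tln` for the well-known ports of FTP, Telnet and plain HTTP and names the encrypted replacement for each. The sample output is constructed, and the function and field names are illustrative.

```python
import ipaddress

# Well-known ports of the unencrypted protocols named in the article,
# paired with the encrypted replacement it recommends.
PLAINTEXT_SERVICES = {
    21: ("FTP", "SFTP (over SSH, port 22)"),
    23: ("Telnet", "SSH (port 22)"),
    80: ("HTTP", "HTTPS (port 443)"),
}

# Constructed sample of `ss -tln` output. On a real host, use
# subprocess.run(["ss", "-tln"], capture_output=True, text=True).stdout
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       32      *:21                *:*
LISTEN  0       128     [::]:23             [::]:*
LISTEN  0       511     127.0.0.1:80        0.0.0.0:*
LISTEN  0       511     0.0.0.0:443         0.0.0.0:*
"""

def is_loopback(host):
    """True if the listener is bound to a loopback address only."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" or unknown format: treat as reachable

def find_plaintext_listeners(ss_output):
    """Return one finding per listening socket on a plaintext port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in PLAINTEXT_SERVICES:
            continue
        name, replacement = PLAINTEXT_SERVICES[int(port)]
        findings.append({"port": int(port), "protocol": name,
                         "replace_with": replacement,
                         "exposed": not is_loopback(host)})
    return findings

if __name__ == "__main__":
    for f in find_plaintext_listeners(SAMPLE_SS_OUTPUT):
        scope = "network-reachable" if f["exposed"] else "loopback only"
        print(f"{f['protocol']} on port {f['port']} ({scope}): "
              f"use {f['replace_with']}")
```

A port 80 listener that only redirects to HTTPS is common and acceptable; the FTP and Telnet findings are the ones to remove.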

Finally, we need to put things into perspective a bit.

Did you know that most data breaches last year were the result of hackers breaking into user computers and point-of-sale devices (as in the case of Target Supermarkets), and not of hackers breaking into cloud providers?

All encryption in the cloud leaves the users’ computers unprotected. Did you know that 1 in 20 laptops go missing in their lifetime? And still most people don’t encrypt their hard disks!

So please look at the lock on your backdoor before you start putting an extra lock on your front door.

By Peter HJ van Eijk
