Encrypting Your Cloud Data For Extra Protection

Encrypting Your Cloud Data

Encrypting data is one of the best ways of protecting your data as it moves to the cloud. The only thing better than encrypting your data, is not storing your data at all.

Let’s first look at the case of using file sharing applications such as Dropbox. If you are the only user of the files you store there, you can encrypt these files, or entire folders, with tools such as 7-zip or TrueCrypt before you move them to the cloud service.

However, it is likely that you want to share the files with somebody else. That means that these people should have the same encryption software and have access to the keys. So you have to figure out how to share the keys safely and protect them as you store them.

The hard thing about using encryption therefore is not so much the technology (although ‘under the hood’ encryption is really complicated), the hard thing is to understand what it protects against, and what the new risks are that encryption brings. Then you can start designing at which location where you encrypt, where you store your encrypted data, and how you are going to store and manage the encryption keys.

Peeking Inside

In the file sharing example, you encrypt to protect your data as it is ‘at rest’ at the cloud provider. You may trust the cloud provider, but you may want to prevent a search warrant forcing the provider to surrender your data. The encrypted data is stored at your own laptop or computer and at the file sharing service provider. The keys could be memorized or written down. Losing those keys is a new risk, by the way.

For a different example, let’s have a look at an enterprise customer relationship management system such as Salesforce. The data at rest includes a lot of customer data, which might bring in privacy concerns.

 

Encryption Solutions

So in order to protect that, you might want to prevent that data going to the cloud unencrypted. There are a number of solutions in the market for that. One solution involves a separate cloud provider who filters all your CRM traffic and replaces customer data with encrypted customer data. When you then access that data, it will be decrypted by the same encryption provider. You still need to put some trust in the encryption provider, but they will no longer store your unencrypted data, so the risk of any loss of data at rest there is pretty small.

Now if you are a software developer, you might be using Infrastructure as a Service. That means your software runs on a virtual machine at a cloud provider. What kind of risks do you have there that encryption might be able to reduce?

To start with, your virtual machine has a virtual disk on which your data is stored. Of course, there is the risk that the staff of your cloud provider could access that. More realistically, that disk could be cloned by an insider and taken away for further inspection.

Risk Assessment

That risk can be addressed by encrypting the hard disk in the operating system, very much in the same way as you can encrypt the hard disk of your laptop. In most operating systems this is fairly easy. The biggest remaining issue is how to get the encryption key to the virtual machine as it boots up. That can be done, but it’s a little outside the scope of this article.

So far we have looked at data at rest. We should also look at data in motion. That’s a bit easier. An example of protecting data in motion is through using HTTPS for web traffic. Other cases of data in motion are file transfers such as with FTP and terminal traffic using Telnet. These are really old protocols that don’t encrypt anything, not even passwords. It is best to get rid of these as soon as possible and start using SFTP and SSH. You guessed it, the letter “S” in these protocol names stands for “Secure”.

Finally, we need to put things into perspective a bit.

Did you know that most data breaches last year were the result of hackers breaking in to user computers and point-of-sales devices (as in the case of Target Supermarkets), and not by hackers breaking into cloud providers?

All encryption in the cloud leaves the users’ computers unprotected. Did you know that 1 in 20 laptops go missing in their lifetime? And still most people don’t encrypt their hard disks!

So please look at the lock on your backdoor before you start putting an extra lock on your front door.

By Peter HJ van Eijk

Yotascale podcast

Episode 10: The Modern Day Smokestack? The Economics of Cloud Management

The Modern Day Smokestack A conversation with Asim Razzaq, CEO, Yotascale Why is cloud cost management so difficult? What are the main challenges in achieving cloud cost optimization? What are the principles of cost optimization ...
Gary Bernstein

7 Ways To Ensure That Your Software Can Keep Up With Your Data

Keys To Managing Your Data Data has become a lot more important in our modern society. It is why many people consider data to be the new oil. It is as valuable as oil, and ...
Ronald van Loon

Getting Future Ready with a Modernized Hybrid Cloud Environment

Getting Future Ready Hybrid cloud is the foundation in which modernized organizations are built, and organizations need a modern platform and infrastructure to get the most out of their hybrid cloud environments. Organizations need to ...
Juan Pablo Perez Etchegoyen

The S/4 HANA Decade is Here: Three Tips for a Successful Migration

Three Migration Tips For organizations using SAP, migrating to S/4 HANA is a project that’s either in the works or on the horizon as the 2027 deadline for completion looms. The new generation of SAP ...
The Top 20 Cybersecurity Startups To Watch In 2021

The Top 20 Cybersecurity Startups To Watch In 2021

20 Cybersecurity Startups Cybersecurity, privacy and security startups have raised $1.9 billion in three months this year, on pace to reach $7.6 billion or more in 2021, over four times more than was raised throughout ...

PROXY SERVICES

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Smartproxy

    Smartproxy

    Smartproxy is a rising star in the constantly growing proxy market. Smartproxy offers awarded customer service, impressive performance, and is serious about your anonymity (yes, cybersecurity matters). The latest features developed by Smartproxy are 30 minute long sticky sessions and Google Proxies. Rumor has it, the latter guarantee 100% success rate

  • Bright Data

    Bright Data

    Bright Data’s network is one of the most robust of its kind globally. Here are its stark advantages: Extremely stable connection for long sessions (99.99% uptime guaranteed). Free to integrate with our Proxy Manager which allows you to define custom rules for optimized results. Send unlimited concurrent requests increasing speed, cost-effectiveness, and overall efficiency.

  • Rsocks

    Rsocks

    RSocks team offers a huge amount of residential plans which were developed for plenty of tasks and, most importantly, has been proved to be quite efficient. Such variety has been created on purpose to let everyone choose a plan for a reasonable price, online, rotation and other parameters.

  • Storm Proxies

    Storm Proxies

    Storm Proxies' network is optimized for high performance and fast multi-threaded tools. You get unlimited bandwidth. No hidden costs, no limits on bandwidth. Try Storm Proxies 100% Risk Free. If you are not happy with the service email us within 24 hours of purchase and we will refund you.