Let the data in cloud rest securely

14 Jan

Let the data in cloud rest securely

in Cloud, CloudComputing, ec2, security

One of the prime concerns of anyone using the public cloud (like Amazon EC2, etc) is the security of the data stored in the physical cloud. Data security is of concern at both stages

  1. Data-at-rest: Stored data on the physical storage volumes
  2. Data-in-transit: While the data is being transferred between servers.

While the Data-in-transit can be secured using HTTPS, FTPS, etc, the data-at-rest is more tricky to store as encrypted. Encrypting and decrypting all data at all times during runtime can be a fairly expensive strategy. And at the same time, is necessary if data security is required. i.e. If the data is encrypted before being stored, it has to be unencrypted before being consumed by the application calls. Moreover, data encryption will not work for the companies which want their data to be indexed by search engines (fortunately, the problem is also less severe for them). Data encryption is not just important because it can be compromised but also because of another factor called Data Remanence. Unless adequate measures are taken, data that has supposedly been removed from physical storage might continue to persist, albeit partially. NIST has a guidelines for data sanitization, which can be followed as a guidelines by cloud providers, but to my knowledge no cloud provider currently provides this SLA. Also, to my knowledge, Amazon EC2 does not provide encryption on its EBS volumes. The cloud providers are still evolving and data security of data-as-rest is still an open issue. However, I did stumble upon a very interesting research project being conducted by IBM and Stanford. This research is still nascent, but if homomorphic encryption can really be applied then data would not need decryption. This can boost both performance and security. Performance because data would not toggle between unencrypted (while being handled by the code) and encrypted (while being stored). Security because at no point the data is unencrypted, therefore also alleviating the data remanence problem.

copyright 2012 10jumps Llc.

copyright 2012 10jumps LLC.