
Encrypting cloud data

Cloud security

Being free to choose the most suitable encryption for your business seems a good idea. But it will only work in a context of recognised standards across encryption systems and providers’ security platforms. Dr. Hongwen Zhang, Chair, Security Working Group, CloudEthernet Forum, explains.

In the first years of major cloud uptake there was the oft-repeated advice to business that the sensible course would be to use public cloud services to simplify mundane operations, but that critical or high priority data should not be trusted to a public cloud service but kept under control in a private cloud. Instinctively this made sense: you should not allow your secrets to float about in a cloud where you have no idea where they are stored or who is in charge of them.

The irony is that the cloud – being so obviously vulnerable and inviting to attackers – is constantly being reinforced with the most sophisticated security measures: so data in the cloud is probably far better protected than any SME could afford to secure its own data internally. It is like air travel: because flying is instinctively scary, so much has been spent to make it safe that you are less likely to die on a flight than you are driving the same journey in the “safety” of your own car. The biggest risk in air travel is in the journey to the airport, just as the biggest risk in cloud computing lies in the data’s passage to the cloud – hence the importance of a secure line to a cloud service.

So let’s take a look at encryption. Instinctively it makes sense to keep full control of your own encryption and keys, rather than let them get into any stranger’s hands – so how far do we trust that instinct, bearing in mind the need also to balance security against efficiency?

The idea of encryption is as old as the concept of written language: if a message might fall into enemy hands, then it is important to ensure that they will not be able to read it. We have recently been told that US forces used Native American communicators in WW2 because the chance of anyone in Japan understanding their language was near zero. More typically, encryption relies on some sort of “key” to unlock and make sense of the message it contains, and that transfers the problem of security to a new level: now the message is secure, the focus shifts to protecting the key.

In the case of access to cloud services: if we are encrypting data because we are worried about its security in an unknown cloud, why then should we trust the same cloud to hold the encryption keys?

Co-Chair, Security Working Group, OpenCloud Connect; President and CEO, Wedge Networks

“Cloud is not only a very fertile and safe business environment, but also where future security will be effectively managed.”

Dr. Zhang is President and CEO of Wedge Networks, which he co-founded in 2005, and co-chair of OpenCloud Connect’s Security Working Group. Dr. Zhang was instrumental in developing the high performance architecture that provides the basis behind Wedge’s award-winning security appliance, the BeSecure Web Gateway. Wedge security technology today protects 12 million global internet users. Wedge Networks has been chosen by OpenCloud Connect (OCC) to help lead its Cloud Security initiative and Dr. Hongwen Zhang was appointed co-chair of OCC’s Security Working Group in November 2013.

Dr. Zhang holds a Ph.D. in Computer Science from the University of Calgary, an M.Sc. in Computer Engineering from the Institute of Computer Technology - Chinese Academy of Sciences (Beijing, PRC), and a Bachelor of Science in Computer Science from Fudan University (Shanghai, PRC). With more than two decades of high tech leadership experience, Dr. Zhang is a co-inventor and holder of several patents in the area of computing and networking. Prior to establishing Wedge Networks, he was a co-founder of the 24C Group Inc., which pioneered the first digital receipts infrastructure for secure electronic commerce. Dr. Zhang was previously principal of Servidium Inc., now ThoughtWorks Canada Inc., a global leader in agile development methodology.