Secure Cloud Computing

Us or Them? How Should Data Stored in the Cloud be Encrypted?

Secure Cloud ComputingThere are plenty of good reasons for storing data in the cloud: the seemingly limitless availability of new capacity, access to enterprise class facilities, the ease of retrieving data from multiple devices, and so on.

However, there is always that niggling doubt, especially when it comes to sensitive business data, about how safe cloud storage is. Is the data being accessed by someone who shouldn’t be? The way to ensure that this is not the case is to encrypt all cloud-stored data. However, there is a choice to be made: should data be encrypted by your organization before it is sent to the cloud, or should you rely on the cloud service provider to do it for you?

There is a problem if you leave it to the provider: it may overrule your privacy. For example, the consumer storage provider Dropbox states, “All files stored online by Dropbox are encrypted.” However, it then goes on to say, “Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g. when legally required to do so).”

What this means, in effect, is that as all Dropbox data is stored using Amazon’s S3 storage service “in multiple data centers located across the United States.” Should the US government invoke the Patriot Act and want to see your data then it can do so, regardless of the fact Dropbox has encrypted it for you — as Dropbox manages the keys, it can (and will) comply with the government request. This should further concern European organizations that are already worried about the use being made of such services by their employees.

Amazon itself does not encrypt data by default, but offers encryption as an option. The same caveat for Dropbox also applies to Amazon (although Amazon has European data centers too, and will guarantee data will not stray beyond certain national borders in specific agreed cases). So if you really want your data to be private, you must encrypt it before you send it for storage in the cloud.

Encrypting your own data has another benefit beyond ensuring privacy: should you wish to stop using a given storage service, then you can just stop the subscription and throw away the encryption keys. There is no need to get proof from the provider that the data has been safely deleted. However, there is also a downside: you now have to manage the keys. As with any encryption, this is about ensuring that those with a legitimate need to access data can do so. Often this may not be the individual who originally stored the data.

This is bought into focus when considering one of the use-cases for cloud-based storage: the long term backup and archiving of data. An insurance broker may recognize the advantage of having a cloud backup of all policies, however, some policies — for example those for life insurance — may not be viewed for decades. Ensuring the keys for accessing encrypted data are available years in the future requires long term key management (putting to one side the issue of a given cloud storage provider’s longevity).

Unless data is intended to be in the public domain, if it is in any way sensitive it should almost certainly be encrypted if it is to be stored in the cloud. The decision to be made is: do you outsource the encryption as well as the storage of data and accept that the provider also has access to your data? Or do you manage the encryption yourself, but accept the overheads of key management and that inevitable truth that if you lose the keys you lose the data too.

Image credit:  FutUndBeidl (flickr) – CC-BY-2.0