Cloud security awaits encryption breakthroughs
- By Rutrell Yasin
- Jul 15, 2011
Many companies are both collaborators and competitors — a couple of pharmaceutical companies that cooperate on standards, for instance, might otherwise be strong competitors in the marketplace.
So how do you ensure that there is a limited amount of information sharing — and leakage — in such cases when competitive co-tenants coexist within a public cloud infrastructure?
How to tame roaming data in the wilderness of the cloud
In the cloud, good policy enforcement makes good neighbors
Developments in encryption technology could help strengthen identity and access rights in these instances.
A common and popular approach is claims-based identity management, which gives users access to data for a certain purpose, for a bounded period of time and with limited availability to transfer that data to any other party.
“You want to limit data sharing, so that speaks to the notion of claims-based access,” said Dan Reed, corporate vice president of technology, policy and strategy and leader of the eXtreme computing group at Microsoft.
Other developments in encryption technology, including public key cryptography and key management, will refine data access rights in multitenant cloud computing systems, said Reed, who spoke June 16 on a panel sponsored by the Brookings Institution about evaluating the Cloud Computing Act of 2011.
A hot topic now in cryptology research is fully homomorphic encryption, Reed said, or the ability to do computations on data that is encrypted. Currently, data can be encrypted when it is stored, but when it is decrypted, it is in the open and vulnerable to intrusion or mischievous behavior.
The holy grail of public key cryptography is to apply those computations while the data is still encrypted so only the owner of the data controls access. “That is an active area of research in cryptography now,” Reed said.
There have been some phenomenal advances during the past few years, but nothing is deployable now, he noted. But continued investment in research in this area is needed, Reed said, noting that the National Institute of Standards and Technology is playing a role in pushing forward standards.
Rutrell Yasin is senior editor for GCN covering cloud computing.