A guest posting by Gilad Parann-Nissany
- Have the recent stories of NSA snooping, data collection, and attempts at breaking encryption made you reconsider how you store and use data in the cloud?
- Are you wondering what information is being collected (or can one day be collected) about your business?
- Is the NSA watching? Do hackers have a way into your systems? Do you need to ease your customers’ fears (or your own)?
- In these Orwellian times, is there any way to limit the reach of Big Brother?
I offer: Strong Cloud Encryption.
Revelations from the NSA leaks shows that the NSA can steal or use the law to demand encryption keys from providers. The NSA (and possibly other organizations) are not only keeping pace with technology, but also planning for the future of data in the cloud.
Business must also be looking and planning for the future. Starting now. Starting with strong cloud encryption.
CNN reports that NSA has a number of methods for accessing data: “the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.” According to CNN, most of NSA’s information comes from moles placed in companies, not from technology. This means that the less information the cloud provider is privy to, the less can be passed on to the government.
Edward Snowden, the former computer technician at NSA who leaked documents belonging to the agency, has said that “properly implemented strong crypto systems are one of the few things that you can rely on.” Weak encryption will be easily infiltrated by the NSA, but stronger encryption is still out of its reach.
It has been suggested that regular users shouldn’t be concerned about NSA infiltration since they aren’t engaging in suspicious activity. However, there is reason to be extra-vigilant: NSA’s activities may have weakened overall internet security, making their back door strategies available to technologically advanced criminals as well as to government agencies. The persistent question of “is my data secure in the cloud?” has been answered clearly: data is only as secure as you make it.
And to make data secure in the cloud, you must use strong cloud encryption.
In response to the NSA news, businesses must transcend the way they have been thinking about their data in the cloud and how to secure it. One of the strongest encryption technologies, split-key and homomorphic key encryption, makes it impossible for hackers and internal staff to get access to data they shouldn’t have access to. Split-key encryption creates two unique keys. To unlock the encryption, both keys are required. One of those keys stays in the hands of the customer at all times and it ensures that private data remains private. The master key is known only to the application owner and is encrypted when in use in the cloud, so even if it is stolen, it cannot be used to hack into data. This solution also avoids the usual homomorphic encryption lack of speed. With split-key encryption, applications maintain their regular speed, running quickly and securely.
Encryption works, and when implemented correctly, can secure your cloud data. You can also take additional steps to reduce your exposure from attack.
In conclusion, the NSA is powerful: they watch, they listen, they collect data. In cases of national security, perhaps this is a good method to catch terrorists. In cases of private business data, there is a way to block the NSA from getting to your sensitive information: strong data encryption.
About the Author
Gilad Parann-Nissany is the founder and CEO of Porticor Cloud Security. He is a pioneer in the field of cloud computing who has built SaaS clouds, contributed to SAP products and created a cloud operating system. He has written extensively on the importance of cloud encryption and encryption key management for PCI and HIPAA compliance. Gilad can be found on his blog, Twitter, LinkedIn, and Google+ discussing cloud security.