Insights | Paranoid? Encrypt Your Data in the Cloud

Paranoid? Encrypt Your Data in the Cloud

By Andy Hilliard | October 15, 2012

More and more web applications are moving to the cloud or on to host computers that application owners do not control. While this move reduces the need for server space, there are security questions that arise. Companies need to consider how to protect user data from hacking or data loss, when the decision is made to shift tocloud-based hosting.

In the late 1990s, when the creation of online software was taking off, we wanted to encrypt information that was stored within our system, and of course, we needed the key to do that encryption. Where did we put that key? We just put it online within the same system that had access, so that our own software could encrypt and decrypt people’s passwords and other important, critical data.

This system had a major downfall.

If someone hacked into the system, they could find this key, and they would have access to everything. You must have a more sophisticated approach for storing or managing keys.

This problem hasn’t disappeared. Last year Amazon’s Simple Storage Service was found to be susceptible to an http attack that could expose users’ data storage accounts. In a traditional setting (before the cloud), systems and data sets would be kept physically separate from each other. This way, if one was accessed, the others wouldn’t be. On the cloud, multiple data sets from varying organizations – each with different policies regarding sensitive data storage – can be present in a single location. Maintaining control over information in this environment can be problematic.

Encryption is one part of data loss prevention (DLP) software, designed to offer more security options for data. DLP goes beyond simple encryption. There are four types of DLP: standard security measures, advanced security measures, access control and encryption and designated DLP solutions. Standard measures include firewalls, intrusion detection systems (IDS’s) and antivirus software, while advanced measures employ techniques such as machine learning and temporal reasoning algorithms to detect abnormal access. Access control encryption includes the key encryption discussed previously. Designated solutions include the detection and prevention of unauthorized attempts to copy or send sensitive data. In order to do tasks prohibited by designated solutions, the user must perform other authorization measures, such as data fingerprinting or exact data matching.

Encryption techniques have stepped up. Volume-based encryption, application-specific encryption and file encryption have adapted to work better in the cloud. These are not without some impracticalities and hiccups. Application developers need to consider what features their program has to encrypt information and how else they might be able to protect user information. It is evident that key encryption is vulnerable to outsider access.

Employing a variety of different data loss prevention techniques is necessary, moving forward. As cloud hosting grows, these options, as well as others yet to be developed, will need to be ironed out.


Interested in reading more?

More from Accelerance

February 22, 2021

FOLLOW THE SUN: Why Asia has the edge for low-cost, high-delivery software outsourcing

Countries with rapidly developing technology sectors such as Vietnam and Bangladesh, and emerging software outsourcing industries in Malaysia and Thailand offer some great opportunities for Western...

February 19, 2021

Spotlight on Bangladesh: Liberation Inspires an Emerging Software Development Industry

One of the most densely populated cities in the world, Dhaka – the capital of Bangladesh – is home to more than half a million rickshaws. Uber and other taxi services are just as easy to find; it’s...

February 17, 2021

Offshore Software Development in the Philippines

A US colony for nearly 40 years, Manila is a sprawling city with modern high-rises and traditional Filipino charm. The capital of the Philippines is extremely Westernized and considered one of the...

Whitepapers

December 3, 2020

2021 Due Diligence Guide

Learn About the Key Advantages to Outsourcing in Eastern & Central Europe:

September 25, 2020

Guide to Outsourcing in Eastern & Central Europe

Learn About the Key Advantages to Outsourcing in Eastern & Central Europe:

August 15, 2020

2020 Guide to Software Outsourcing Rates

Gain insight into the latest rates for software development outsourcing resources with our proprietary benchmarking guide that offers:


How can we help you succeed?

We make outsourcing successful with innovative partner selection services and tailor-made consulting solutions to ensure your desired outcomes.

Let’s Get Started