Insights | Paranoid? Encrypt Your Data in the Cloud

Paranoid? Encrypt Your Data in the Cloud

By Andy Hilliard | October 15, 2012

More and more web applications are moving to the cloud or on to host computers that application owners do not control. While this move reduces the need for server space, there are security questions that arise. Companies need to consider how to protect user data from hacking or data loss, when the decision is made to shift tocloud-based hosting.

In the late 1990s, when the creation of online software was taking off, we wanted to encrypt information that was stored within our system, and of course, we needed the key to do that encryption. Where did we put that key? We just put it online within the same system that had access, so that our own software could encrypt and decrypt people’s passwords and other important, critical data.

This system had a major downfall.

If someone hacked into the system, they could find this key, and they would have access to everything. You must have a more sophisticated approach for storing or managing keys.

This problem hasn’t disappeared. Last year Amazon’s Simple Storage Service was found to be susceptible to an http attack that could expose users’ data storage accounts. In a traditional setting (before the cloud), systems and data sets would be kept physically separate from each other. This way, if one was accessed, the others wouldn’t be. On the cloud, multiple data sets from varying organizations – each with different policies regarding sensitive data storage – can be present in a single location. Maintaining control over information in this environment can be problematic.

Encryption is one part of data loss prevention (DLP) software, designed to offer more security options for data. DLP goes beyond simple encryption. There are four types of DLP: standard security measures, advanced security measures, access control and encryption and designated DLP solutions. Standard measures include firewalls, intrusion detection systems (IDS’s) and antivirus software, while advanced measures employ techniques such as machine learning and temporal reasoning algorithms to detect abnormal access. Access control encryption includes the key encryption discussed previously. Designated solutions include the detection and prevention of unauthorized attempts to copy or send sensitive data. In order to do tasks prohibited by designated solutions, the user must perform other authorization measures, such as data fingerprinting or exact data matching.

Encryption techniques have stepped up. Volume-based encryption, application-specific encryption and file encryption have adapted to work better in the cloud. These are not without some impracticalities and hiccups. Application developers need to consider what features their program has to encrypt information and how else they might be able to protect user information. It is evident that key encryption is vulnerable to outsider access.

Employing a variety of different data loss prevention techniques is necessary, moving forward. As cloud hosting grows, these options, as well as others yet to be developed, will need to be ironed out.

More from Accelerance

September 18, 2020

Spotlight on Colombia: Thriving Software Development Outsourcing Industry

I’ve been to Colombia four times on business trips – twice as a client, working on projects with there; and most recently, after joining the company myself, introducing a new client to the...

July 29, 2020

Spotlight on Costa Rica: Central America's Calling Card

When it comes to work/life balance, Costa Rica gets it right. In this beautiful and peaceful country, a “work hard and play hard” approach to life is the perfect mix. If you’re heading over on a...

July 27, 2020

Spotlight on Uruguay: South America’s Best-Kept Secret

Uruguay may be the second-smallest country in South America, with a population of just 3.5 million, but it’s the leading software exporter per capita in the region. Lying between Argentina and...

Whitepapers

August 15, 2020

2020 Guide to Software Outsourcing Rates

Gain insight into the latest rates for software development outsourcing resources with our proprietary benchmarking guide that offers:

July 27, 2020

2020 Guide to Software Outsourcing in Latin America

Qualified software engineering teams are not easily found. 

September 17, 2019

What CTOs Need to Tell CFOs About Software Development Outsourcing

Alignment between your company’s CFO and IT strategy is significant to outsourcing software development

Tech leaders and CFOs need to speak the same language when selecting a software outsourcing...

How can we help you succeed?

We make outsourcing successful with innovative partner selection services and tailor-made consulting solutions to ensure your desired outcomes.

Let’s Get Started