Every Cloud Needs a Silver Lining

Gilad Parann-Nissany

Subscribe to Gilad Parann-Nissany: eMailAlertsEmail Alerts
Get Gilad Parann-Nissany: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Cloud Computing, PC Security Journal, Security Journal, Government News, Sarbanes Oxley on Ulitzer, Java in the Cloud

Blog Feed Post

Master Cloud Encryption Keys: The Heat Is On

Don’t keep your cloud encryption keys with Cloud Providers

Earlier this month, we discussed the effect of NSA Leaker, Edward Snowden and the Prism Scandal on the future of cloud security.  We asked (and answered) the question: What level of paranoia is justified in the wake of PRISM?  But it seems the scandal just grows and grows. We now hear that the Feds put heat on Web firms for master cloud encryption keys. It is unclear whether US authorities have the legal clout to obtain the master encryption keys that Cloud Providers use to shield customer data.  However, it is crystal clear that the government wants this right.  As the ripple effect of the scandal continues, we find ourselves being asked by customers: how do we make sure our keys are protected so that we can make sure our data is protected?

Cloud Security is special because Cloud Economics are special: if anyone (whether a commercial interest or the government) can get master encryption keys, they can scan massive amounts of cloud-based information, without regard to who owns it, and without the effort needed to open specific backdoors to specific resources.

Actually, we should give the USA credit: the current debate going on in the US could not happen in many other places around the world. In America, PRISM is a scandal; in other places, it happens without comment and on the largest possible scale. As a famous example, think of the Great Chinese Firewall.

The juxtaposition that compliance with regulations like PCI DSS and HIPAA that require you to protect your data and the government now trying to access the same encryption keys brings us back to the question of control.

Take back control – own your master keys
The obvious answer to privacy concerns is to keep your private things private. If you do not want anyone reading your data, keep it at home under lock and key. But in today’s modern lifestyle, where the web – in both private life and commerce – has become ubiquitous, locking up your data takes on a whole new meaning.

Ideally, you want to use the Cloud freely and at the same time, totally maintain your privacy. The perfect solution would be to use all the solutions from Cloud providers, but keep the master cloud encryption keys for yourself.

You do need to be careful though: many Cloud Providers actually have little incentive to hand you back control, because they themselves gain commercial advantage from scanning your data – for example, for advertising. And Cloud Providers do obey the law, which means they can fight legally up to a point, but if the law is on the government’s side – they must comply and hand over your private information.

The bottom line is – the only entity that has your own best cloud privacy interests at heart – is you.  And yours is the only entity that should control your master cloud encryption keys.  Not the government.  Not the cloud providers.  Only you.

But . . . how?

Technology for good and bad
Technology does have solutions. Emerging technical approaches allow you to keep your master keys to yourself, while still using them to encrypt your cloud-based data. You can use the cloud and still stay in control (read this white paper for additional details).

Beyond the tech stuff, the wider lesson: technology can be used for good or not, and it’s up to you to get proactive and use the right technologies so you can use the Web and the Cloud to the full extent, while keeping your private data – private.

The post Master Cloud Encryption Keys: The Heat is On appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.