Estimated reading time: 2 minutes, 50 seconds

Cloud Computing’s Use of Cryptography and Encryption

Cloud Computing’s Use of Cryptography and Encryption Photo by CMDR Shane on Unsplash

Public cloud providers are required to securely handle and protect their customer’s data. Two related concepts employed to ensure this data security are cryptography and encryption. Various implementations of these concepts have been used throughout the history of computing. Their use is critical in efforts to protect an enterprise’s sensitive data in a public cloud environment.

Security Concerns in the Cloud

The threat of corporate data breaches is very real and can lead to serious negative repercussions to an organization’s financial health. They also affect an enterprise’s ability to instill consumer confidence in their ability to protect their customers’ personal data. Storing data in the cloud introduces new threats and complications that need to be addressed to ensure the security of corporate and customer information.

Hackers who successfully subvert cloud security can gain unauthorized access to greater quantities of data than when attacking a solitary corporate data center. This fact makes the cloud a tempting target with a potentially lucrative payoff. In 2018, cloud customers were exposed to over 600 million cyber attacks.

Cloud providers are aware of their vulnerability and employ cryptography and encryption to protect their clients’ data. There are multiple ways to implement this security, some of which are more resilient to malicious attacks than others. The specific methods that your provider uses can have a dramatic impact on the actual security of your data.

Encryption Methods

Encryption can be implemented in a number of ways that offer varying levels of data protection. The main options are:

  • Channel encryption - Also referred to as in-transit encryption, this method employs an encrypted channel between your facility and the cloud server. Data is then decrypted at the server, making it vulnerable to unauthorized use.
  • At-rest encryption - When using this type of encryption, the cloud provider encrypts the data prior to storing it. This necessitates that the provider holds the encryption keys used to decrypt the data, exposing your data to rogue system administrators or hackers who steal the admins’ credentials. 
  • End-to-end encryption - This is the most robust method of encrypting your data. All data is encrypted on your computer or device before being transmitted to the cloud. You retain the encryption keys, making it impossible for the cloud provider to access your information.

The manner in which you and your cloud provider plan to encrypt your data should be thoroughly investigated to ensure its security.

Managing Encryption Keys

There are multiple cryptographic algorithms used to encrypt data in the cloud. The most popular are Data Encryption Standard (DES), Advanced Encryption Standard (AES), Rivest-Shamir-Adleman (RSA), and homomorphic encryption. These methods all rely on the use of encryption keys to protect data. Without access to the key, the data cannot be decrypted and is essentially unusable.

Managing and controlling the encryption keys is critically important in maintaining the security of your data. Allowing your cloud provider to have access to the keys introduces another potential weakness in your data security efforts. In some applications, this may be unavoidable and require a degree of trust with your provider that may make you uncomfortable. 

Third-party key management tools that restrict the cloud provider from accessing the keys is one answer to this complex problem. The keys to your data are nothing to be trifled with, and ceding control of these valuable assets needs to be carefully considered as part of your move to the cloud.

Read 3155 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.