If you’re a customer thinking about storing sensitive data in the cloud, then the only way to safeguard it is with cryptography. This brings up a fundamental problem between you (as a customer) and your cloud service provider.
The problem is that in the cloud, a customer doesn’t have the luxury of actual, physical control over the storage of information. However, many providers have caught onto this particular worry and are providing customers with exclusive access to their own encryption keys. This is normally achieved by creating a separate partition on a Hardware Security Module (HSM), which is then allocated to the customer. The keys associated with the partition are exclusive to the customer (and only the customer); the provider has no access to them.
This is one approach. It may not give a customer the warm feeling of physical access to their own cryptographic module, but it at least ensures that nobody else can access their data.
Any cloud service that involves the encryption of data (even where the key management is rock solid) is only as good as the SLA and your contract with the service provider. In real terms, your contract is the only thing you have should problems arise. This is especially the case when jurisdictional issues arise as a result of the cloud spanning multiple national borders.
You have to be sure that your service provider is not outsourcing further, and you have to know whether your encrypted data resides in a country which requires the publication of keys to government agencies or restricts the encryption algorithms. You have to remember that encryption and its associated algorithms fall into the category of munitions in many countries.
Questions regarding jurisdiction, process and cryptographic controls need to be clearly defined in your contract.
In summary, the secure encryption of data can be achieved in the cloud, but you will need an ironclad contract between yourself and your service provider, and especially one that you fully understand.
We can help you make the correct choice when approaching the subject of cryptography in the cloud. We can liaise between your business and the service provider to ensure that the correct contract is implemented before you commit data to the cloud.
Contact us for further help.