Encryption Can Create Stormy Weather in the Cloud
Regulatory compliance requires some businesses to control the keys by which they encrypt their data. Other organizations simply don't want to lose control of their information. However, if an organization wants to use a cloud provider's services, it can allow a provider to access its keys.
Encryption still takes place in the cloud, but it's done with keys managed by
the customer.
Encryption has received a lot of attention lately as a
solution to the growing data breach problem, but one of the hang-ups dogging the
technology has been its ability to play nice in the cloud.
That's especially true if an organization wants to control the keys by which
its data is scrambled and use services offered by a cloud provider beyond simple
storage.
For example, if a cloud provider can't decrypt a client's data, it could
break the provider's antivirus, data loss prevention, file preview and text
indexing functions, as well as pose performance challenges.
If the cloud provider can't decrypt your data, the cloud just
becomes a dumb bucket.
That's why cloud service providers in the past have had access to users' data
encryption keys. As long as a user trusted their provider, that approach was
acceptable, but that's no longer the case for many organizations.
Trust But Keep Keys
Compliance with regulations requires some businesses to control the keys by
which they encrypt their data. Other organizations just don't want to lose
control of their information.
However, if an organization wants to use a cloud provider's services, it can
allow a provider to access its keys. Encryption still takes place in the cloud,
but it's done with keys managed by the customer.
From a security perspective, though, that solution is imperfect. A rogue
employee of the cloud provider could abuse those key privileges to peek at, or
leak a customer's data. The solution also opens the door for lawyers or
government authorities to snatch the data.
Those authorities usually obtain data from a provider through a civil or
criminal subpoena. As long as there isn't a gag order attached to the subpoena
-- a rare occurrence except in national security cases -- a customer with
control of its encryption keys has a chance to protect their data.
After we receive a subpoena, we inform the customer that we've received it,
at which time the customer can deny us access to its encryption keys, If they do
that, the only thing we could hand over to the courts is encrypted data.
In the instances where we're served with a subpoena for data
with a gag order, there's pretty much nothing we can do but turn over decrypted
data without telling the customer.