Nowadays cloud computing and resources has become a popular solution used by people to exchange and store information. Moreover, it has become a place where data is being kept permanently for archival and safe storage.
Our trusts in cloud-based systems are increasing day by day, and more and more of personal and sensitive data gets stored in the cloud. For example, it is not uncommon that important documents from bank, ID card scans, and other confidential business papers are often get stored in the cloud (iCloud, google drive, Dropbox, etc.)
Cryptography and Cloud Data
Encryption is not a new technology and was in existence for a long time. Before the cloud era, the encrypted data was stored on servers located within the physical premises where the company had direct control.
One of the best choices is to encrypt sensitive data when it is created so that it will be protected during its storage in local or a cloud server. One of the important concerns in cryptography and encryption is the management of encryption keys and passwords. Separating the encryption key from the encrypted data is vital.
One of the critical elements in protecting cloud data is to keep the encryption keys with the user rather than the cloud provider. This will ensure that the data is not accessible by the cloud provider and by a third party in the event of a security breach.
A lot of cloud services are not just storing client data, and they offer processing options with the data. So in cases where the user encrypts the data, it’s just a bunch of random bytes to the cloud provider which will make it impossible to use many of the services provided by the cloud service. In this article, we are focussing mainly on the storage aspects and not on the cloud platforms for data analysis. Analysing sensitive data on the cloud is a topic of its own.
Best practices for Encrypting Cloud data
Some of the recommended practices for encrypting sensitive data in the cloud are as follows (from the Cloud Security Alliance, in its Security Guidance for Critical Areas of Focus in Cloud Computing)
- Always encrypt the data using approved algorithms and long, random keys
- Encrypt the data before it passes from the enterprise to the cloud provider
- Make sure that the data remains encrypted in transit, at rest, and in use
- The decryption keys should be inaccessible to cloud provider or its staffs
Management of cloud encryption
We are getting into a new world where data centers and data will be the gold mines and potential targets for cyber-attacks and espionages.
Organizations and individuals need to adopt proactively and a data-centric approach to protect their sensitive data from advanced cyber threats in the current scenario with rapid evolution in technologies such as virtualization, cloud services, and mobility.
Consistent protection of sensitive data should be ensured by implementing data security solutions which provide efficient and effective data protection through encryption and cryptographic key management.
Data privacy protection tips for Individuals
- Avoid storing sensitive information in the cloud, unless you know how to do it securely
- Carefully read and understand the security and privacy policies of the cloud provider and keep away from shady services
- Be serious about passwords and encryption keys
As outlined in this article Encryption is one of the best ways to protect your sensitive data from prying eyes. This is in simple language is as follows, when you need to keep a sensitive file on the cloud, you need to password protect the files before uploading to a cloud provider. One of the simple software to use is 7zip, which is a free and open source tool which allows data compression and encryption.