
How can I be sure no-one will snoop into my cloud-based data?

Published: June 25th, 2015 By: Lynn Greiner

One of the biggest inhibitors of public cloud use is the fear that data will not be secure. After all, it’s the “public” cloud, and who knows what evil lurks there.


The Enterprise Connectivity Series
Future-proofing your business

It is, to some extent, a valid concern. Data stored in the cloud is no longer safely within corporate data centre walls. Even if it resides in a professionally managed facility such as a Rogers data centre that adheres to best practices, it’s still not your facility. However, there’s one precaution that can help put those fears to rest: encryption.

Even if encrypted data can be accessed, all the culprit will see is gibberish, unless he has the encryption keys. But there are best practices associated with encryption, too, and unless they’re followed, you won’t get good results.

First, the data must be encrypted in all three of its possible states: in transit (moving over the wires), at rest (sitting in storage, either in your data centre or in the cloud), and in use. If it’s not, it could be intercepted in unencrypted form and compromised. Second, the encryption keys must be protected. As soon as anyone has both the data and the keys, the information is vulnerable.

To complicate matters, there are other constraints. It goes without saying that whatever encryption is used should be standards-based, and it must support both structured and unstructured data. It also should not break functionality in applications – for example if searching and sorting can’t be performed in Salesforce, the software won’t work properly. That’s counter-productive.

Key management can be a challenge too. The cloud provider should not control the encryption keys — the customer should. That way, if a government or legal entity demands access to a dataset, the customer – who owns the data – will be in control. If the provider holds the keys, it can be compelled to grant access to customer data without the customer’s knowledge. It’s ugly, but it’s legal.

There are several ways in which encryption keys can be secured. Customer Managed Keys (CMK) give customers sole control over the encryption keys used to protect their data in the cloud, ensuring the data can’t be accessed by anyone, including the provider, without customer consent. Another approach is split key encryption, in which the master key is held by the customer to prevent unauthorized access. Each data object is encrypted with a key that has two parts: the customer’s master key and a second, “banker” key.

These are but a few of the things to think about when contemplating encryption for data security. The Cloud Security Alliance, an organization dedicated to promoting security best practices in the cloud, has published a white paper detailing further considerations. It’s well worth a read.


  • The very important topic you have selected for discussion here, I really appreciate it. Actually, this is a most concerning point for all those who are using cloud services and those who are planning to have these services. Thanks for bringing it to light.
