– Richard Moulds, vice president product management and strategy, Thales e-Security, says:
The General Services Administration (GSA) has vowed to be the first department to utilize cloud-computing capabilities as part of the Obama administration’s “cloud-first” strategy. This program is meant to lower the increasing costs associated with IT departments and consolidate federal data centers. The new initiative requires agencies to recognize three “must-move” IT services that can take advantage of cloud computing applications by late 2012.
While cost reductions and technology updates are both bold and necessary goals to achieve, many government agencies are rightfully apprehensive to quickly adopt this technology, as there are numerous concerns surrounding data security. Creating an environment suitable to meet the needs of government agencies is a daunting task.
The CIOs of government agencies, in actuality, fear that full cloud integration may reduce the control over sensitive data. Traditional security measures can become increasingly transparent as they move to the cloud, resulting in distortions between insiders and outsiders, with security resting on staff that possess minimal control. Even worse, in a shared, multi-tenant environment, the need to worry about compromised sensitive data increases.
Will the cloud ever be trusted with the nation’s intelligence secrets? Or, should only specific classes of data be safely moved to the cloud, negating risks to mission-critical data? In most cases, the adoption of a data centric approach to security gives a solid starting point, which leads to other questions like, who should be responsible for applying that protection and who should hold control of it.
Using cryptography to secure the cloud
Cryptography, which dates back many centuries, has been implemented by rendering data unreadable to those who cannot convert it back to its original form. The implication here is that if a data breach were to occur, the data is essentially useless without the ‘key’ to decrypt it. When evaluating security claims made by cloud providers, it is imperative to consider the type of data that would be secured. Nonetheless, the concept of a ‘secure’ storage environment boils down to several important factors, the most important being the value of the data itself, and what the implications are if it were to be successfully compromised.
Who should protect data in the cloud?
There are two ways to look at this – either the cloud provider has the necessary security perimeters in place, or they don’t. If the provider can’t offer guaranteed, adequate levels of protection, the responsibility of encryption then falls on the government agency in question. Leaving data encryption to the agency ensures that only secure data ever leaves its control, subsequently reducing the impact potential threats may pose to cloud providers. While this may seem like the end-all, be-all solution to the problem, this strategy could limit what operations can be performed in the cloud since it becomes more difficult to handle encrypted data.
Key management and what it means for you
Who handles the keys and who has access to them must be addressed when assessing the overall encryption security model. The cloud provider could potentially handle the keys for network or even basic storage level encryption, allowing agencies to focus fewer resources on handling less important data keys. However, these keys may span multiple tenants, each of whom will have limited or no control over them. In a multi-layer approach, this is a good preliminary level of protection, but offers nothing in terms of segregated protection. The only means of achieving complete isolation between tenants is to have keys dedicated to each specific tenant. However, these keys may still be accessible by the cloud provider and highlights the vulnerabilities associated with insider attacks, which for many is unacceptable.
Government agencies often have no choice but to manage the keys within their own environments, which is important because at the end of the day, it’s the government’s responsibility to hold accountability for that protection.
Robust and trustworthy cryptography
Wherever encryption is utilized and whoever retains liability for managing the keys, it is crucial to evaluate the integrity and reliability of the systems in use. While the encryption algorithms themselves are essentially unbreakable, they are obsolete if the keys are susceptible to attacks. Having known this for years, government agencies have deployed tamper-resistant systems, such as hardware security parameters, to reduce the prevalence of security breaches and to provide the confidence in security, an approach that is likely to carry over to the cloud.
Migrating to the cloud
Cloud computing opens new doors for government agencies to address seemingly conflicting goals – increased flexibility, storage and responsiveness – all while reducing operational costs. Government agencies must examine the necessary protection requirements of their data assets and choose security policies accordingly. Strong cryptography can offer fail-safe protection for data and deliver strong segregation, and managing the keys to the data can provide the means to retain control.
About the Author: As Vice President of Product Management and Strategy, Richard contributes his well-respected data protection expertise and thought leadership to the information technology security activities of Thales. Richard has helped Thales take the lead in redefining the boundaries of encryption management for global enterprises. Richard holds a bachelor’s degree in electrical engineering from Birmingham University and an MBA from Warwick University, UK