Advances in Encryption Technology To Bolster Public Cloud Security
By Rutrell Yasin
A cloud-focused panel last week hosted by the Brookings Institution examined how developments in encryption technology could strengthen identity and access rights in public clouds.
A common dilemma facing companies with assets in the public cloud is how to guard against unwanted information sharing and leakage, particularly when competing companies coexist within a public cloud infrastructure. Many companies, after all, are both collaborators and competitors; pharmaceutical companies that cooperate on standards, for instance, might otherwise be strong competitors in the marketplace.
A common and popular solution is claims-based identity management, which gives users access to data for a certain purpose, for a bounded period of time and with limited ability to transfer that data to any other party.
"You want to limit data sharing, so that speaks to the notion of claims-based access," said panelist Dan Reed, corporate vice president of technology, policy and strategy and leader of the eXtreme computing group at Microsoft.
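The three limits named above (purpose, bounded time, restricted transfer) can be sketched as a signed claim that the data service checks on every request. This is an added example, not code from the panel or from any vendor; the claim field names, the shared HMAC key and the assumption that the service has already authenticated the presenter by other means are all illustrative.

```python
import base64, hashlib, hmac, json, time

ISSUER_KEY = b"constructed-demo-key"  # constructed sample key, assumed shared by issuer and service

def _sign(payload: bytes) -> bytes:
    mac = hmac.new(ISSUER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)

def issue_claim(subject, resource, purpose, ttl_seconds, now=None):
    """Issuer side: bind who, what, why and until-when into one signed token."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "res": resource, "purpose": purpose,
              "exp": now + ttl_seconds}
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()

def check_access(token, presenter, resource, purpose, now=None):
    """Service side: return (allowed, reason) for an authenticated presenter."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:  # wrong number of parts or invalid base64
        return False, "malformed"
    # Verify integrity before trusting any field of the claim.
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return False, "bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False, "expired"                  # bounded period of time
    if claims["sub"] != presenter:
        return False, "not transferable"         # claim handed to another party
    if claims["res"] != resource or claims["purpose"] != purpose:
        return False, "outside granted purpose"  # access only for the stated purpose
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample identities and resource names.
    t = issue_claim("alice@pharma-a.example", "standards/draft-7", "standards-review", 3600)
    print(check_access(t, "alice@pharma-a.example", "standards/draft-7", "standards-review"))
    print(check_access(t, "bob@pharma-b.example", "standards/draft-7", "standards-review"))
```

A claim of this kind limits who may present it to the service; it does not stop a legitimate holder from copying data once it has been read, which is the gap that computing on encrypted data aims to close.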
Other developments in encryption technology, including public key cryptography and key management, will refine data access rights in multitenant cloud computing systems, Reed said.
A hot topic now in cryptology research is fully homomorphic encryption, Reed said, or the ability to do computations on data that is encrypted. Currently, data can be encrypted when it is stored, but when it is decrypted, it is in the open and vulnerable to intrusion or mischievous behavior.
The holy grail of public key cryptography is to apply those computations while the data is still encrypted so only the owner of the data controls access. "That is an active area of research in cryptography now," Reed said.
There have been some phenomenal advances during the past few years, but nothing is deployable now, he noted. Continued investment in research in this area is needed, Reed said, noting that the National Institute of Standards and Technology is playing a role in pushing forward standards.
Rutrell Yasin is the senior technology editor of Government Computer News (GCN.com).