Here's a Good Resource for Learning About Encryption Schemes Before You Put Data in the Cloud

By Linda Musthaler | September 12, 2014


If your organization is planning to have data and applications in the cloud, then you are probably planning to use encryption to secure the data. Encryption is a technology that transforms your data into an alternate format that only authorized parties with a decryption key can read. Like most technologies, encryption can be implemented in numerous ways. Which of these approaches, called encryption schemes, is right for your situation?

You need to have a decent understanding of encryption schemes before you start talking to cloud providers to see what they offer and what encryption schemes they can support. This is especially true for SaaS providers, where the encryption capabilities should be tightly integrated with the application.

There's a very good white paper on this topic, written by a couple of technologists, Alexandra Boldyreva, PhD, and Paul Grubbs, and available for download here. The white paper, "Encryption Schemes and Their Relative Strengths and Weaknesses," explains how you can use certain encryption methodologies to secure data in the cloud but still be able to perform vital functions such as search and sort on the encrypted values.

Think about an application where you need to store customer account information in the cloud. That application wouldn't be very useful if you couldn't search through the database to find specific records, or you couldn't sort through the records to put them in a specific order for a report. Even if the data is encrypted, you want to maintain the functionality of your application, and there are encryption schemes that preserve those functions.

Boldyreva and Grubbs explain in detail how to choose the right encryption scheme(s) for your needs and present the most appropriate use cases for the schemes. They point out where you might be sacrificing security in favor of preserving functionality. For example, searchable encryption reveals when two encrypted keywords are equal, a weakness that makes certain statistical attacks possible.
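The trade-off described above, as an added example that is not taken from the white paper: a keyed deterministic token (HMAC-SHA256) stands in for an equality-searchable scheme, next to a randomized token that hides equality but cannot be searched by the server. The key, the records and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import Counter

KEY = b"constructed-demo-key-not-for-use"  # constructed sample key
# Constructed sample records: (customer id, field value to protect)
RECORDS = [(1, "CA"), (2, "NY"), (3, "CA"), (4, "TX"), (5, "CA"), (6, "NY")]

def det_token(key, value):
    """Deterministic token: equal plaintexts always give equal tokens."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def rand_token(key, value):
    """Randomized token: a fresh nonce makes equal plaintexts look unrelated."""
    nonce = os.urandom(16)
    mac = hmac.new(key, nonce + value.encode(), hashlib.sha256).hexdigest()
    return nonce.hex() + mac

def build_index(records, tokenize, key=KEY):
    """What the cloud provider stores: ids plus opaque tokens, no plaintext."""
    return [(rid, tokenize(key, value)) for rid, value in records]

def server_search(index, query_token):
    """Server-side equality match on tokens; the server never holds the key."""
    return [rid for rid, tok in index if tok == query_token]

def leaked_histogram(index):
    """Repeat counts visible to anyone who can read the stored index."""
    return sorted(Counter(tok for _, tok in index).values(), reverse=True)

def plaintext_histogram(records):
    """Repeat counts of the real values, for comparison with the leak."""
    return sorted(Counter(v for _, v in records).values(), reverse=True)

if __name__ == "__main__":
    det = build_index(RECORDS, det_token)
    rnd = build_index(RECORDS, rand_token)
    print("search CA, deterministic:", server_search(det, det_token(KEY, "CA")))
    print("search CA, randomized:   ", server_search(rnd, rand_token(KEY, "CA")))
    print("plaintext histogram:     ", plaintext_histogram(RECORDS))
    print("deterministic index leak:", leaked_histogram(det))
    print("randomized index leak:   ", leaked_histogram(rnd))
```

The deterministic index answers the search but exposes the same frequency distribution as the plaintext; the randomized index exposes nothing about repeats and returns no matches.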

Beyond the encryption schemes, the technologists make recommendations on specific mathematical algorithms to use in each case.

The information in this white paper is a good starting point for a thorough discussion with your cloud vendors on data encryption.
