Seamless Cloud Security Depends on Encryption Done Right

Published: 22/11/2024   Category: security




As the enterprise shifts to the cloud, there's a debate about what's best for securing data as it moves from one platform to another. A Boston startup is looking to encrypt data in motion and at rest, and this could be the next big trend.



To the InfoSec neophyte, it may seem axiomatic that data should be encrypted always and everywhere -- particularly in the age of the so-called seamless cloud.
And, despite sophisticated arguments to the contrary, one recently funded Boston-area startup is founded on the proposition that the neophytes are right.
Some pundits contend that accessibility tradeoffs may outweigh any security benefits when it comes to encrypting data at rest in addition to data in transit -- not least of all because compromising the right user's credentials can make encryption a moot point. (See My Cybersecurity Predictions for 2018, Part 4: Regulating Encryption.)
In an interview with Security Now, Randy Battat, CEO of email- and file-encryption startup PreVeil, countered that -- tradeoffs aside -- end-to-end encryption of data both in transit and at rest is vital to seamless cloud security because of infrastructural trends -- particularly as IT organizations evolve from on-premise to hybrid clouds, from hybrid clouds to multicloud, and from all of the above to seamless cloud environments.
Additionally, for Battat, a more pervasive yet often overlooked problem lies in the data in between -- data in use.
"There's a new generation of apps emerging to deal with this latent... legacy problem of plaintext data living on servers," Battat said. "Whether it's encrypted at rest or in transit, the problem is plaintext data being decrypted in use."
While not everyone is in agreement, these trends have some analysts thinking about encryption in the cloud era in new ways.
"Encrypting data at all times (at rest, in transit, and during processing) and during the whole data lifecycle -- from creation to destruction -- is that ideal world that we all look for," Martin Whitworth, IDC's Research Director for European Data Security and Privacy, wrote to Security Now. "Unfortunately, practicalities often get in the way."
The way Battat puts it, however, security trends themselves have become impractical -- often amounting to little more than building higher and higher walls that do no good when intruders get in through a door or a window. While data segmentation is being increasingly deployed to achieve data-stewardship goals in seamless cloud environments, these goals may be self-defeated by the very accessibility measures used to make seamless clouds so seamless to begin with. The fundamental end-to-end security problem of email and file-sharing lies in the accessibility demands inherent to those applications' nature; they require storage indefinitely (sometimes forever).
"Certain discoveries are only unlocked when you have enough mass," Stefaan Vervaet, Western Digital's Senior Director of Strategic Alliances and Market Development, wrote in a recent blog post. "It's no surprise that some companies may decide to never delete data again."
Many enterprise IT organizations wind up with a severely poor software-development lifecycle (SDLC) -- having sensitive data hiding in all of the places where they didn't intend and don't know about, often in multiple centralized locations. (See Uber Loses Customer Data: Customers Yawn & Keep Riding.)
"Centralization creates exposure," points out PreVeil's manifesto. "If an attack on a single server or network device yields vast quantities of valuable information, one can be sure the attackers will target this central point of failure."
While the decentralization of a seamless cloud can thereby aid information security, new problems crop up in such an environment as accessibility issues intersect with particularized processing challenges.
"If you have a hybrid [cloud], how do you effectively manage the encryption schemes (and keys) across these different environments?" Whitworth said. "[This includes] the challenges of managing keys -- not just for encryption/decryption, but also the issues of key rotation, issuance, cancellation, distribution, etc."
PreVeil's end-to-end encryption (based on XSalsa20, a stream cipher) for file sharing and email purports to work similarly to applications like Dropbox, with users being able to drag and drop to encrypt data and synchronize that encryption across all devices -- all without having to be concerned with individual keys. Battat reports that PreVeil's cloud servers, meanwhile, see neither the plaintext data nor the decryption keys. Additionally, with encryption-based validation instead of whatever business logic has been stored on the servers for administrative access, an intruder who has compromised one VIP admin or executive does not necessarily get the whole pot of gold.
Ultimately, said Battat, this kind of end-to-end encryption is uniquely qualified for securing a seamless cloud environment because of the problems of trusting data exposure on strange servers -- or any servers at all.
"The hybrid environment doesn't have to be any less secure if you're using end-to-end encryption because the whole premise is that anything on the server is not trustworthy," said Battat. "End-to-end encryption does a pretty good job because the encryption is handled at the client side -- so you're not really relying on server qualities to guarantee your safety."
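Added example (not PreVeil's code and not part of the original article): a sketch of the client-side pattern described above, where the server stores only ciphertext and per-recipient wrapped keys, and adding a device or user means re-wrapping a key rather than re-encrypting data. Assumptions: all function names are hypothetical, the X25519 + HKDF key wrapping is an illustrative choice, and ChaCha20-Poly1305 stands in for XSalsa20 because Node's built-in crypto module does not provide XSalsa20.

```javascript
const crypto = require('crypto');

// AEAD helper: ChaCha20-Poly1305, output = nonce (12) || ciphertext || tag (16).
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('chacha20-poly1305', key, nonce, { authTagLength: 16 });
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}

function open(key, sealed) {
  const d = crypto.createDecipheriv('chacha20-poly1305', key, sealed.subarray(0, 12), { authTagLength: 16 });
  d.setAuthTag(sealed.subarray(sealed.length - 16));
  // final() throws if the key is wrong or the data was modified.
  return Buffer.concat([d.update(sealed.subarray(12, sealed.length - 16)), d.final()]);
}

// Key-encryption key from an X25519 exchange, stretched with HKDF-SHA256.
function deriveKek(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'file-key-wrap', 32));
}

// Wrap the content key to one recipient using a fresh ephemeral key pair.
function wrapKeyFor(recipientPublic, contentKey) {
  const eph = crypto.generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  return { ephPub, wrapped: seal(deriveKek(eph.privateKey, recipientPublic), contentKey) };
}

function unwrapKey(recipientPrivate, entry) {
  const ephPub = crypto.createPublicKey({ key: entry.ephPub, type: 'spki', format: 'der' });
  return open(deriveKek(recipientPrivate, ephPub), entry.wrapped);
}

// Client side: encrypt once, wrap the content key per recipient.
// The returned record is everything the server ever holds.
function clientUpload(plaintext, recipients) {
  const contentKey = crypto.randomBytes(32);
  const keys = {};
  for (const [name, pub] of Object.entries(recipients)) keys[name] = wrapKeyFor(pub, contentKey);
  return { ciphertext: seal(contentKey, plaintext), keys };
}

function clientDownload(record, name, privateKey) {
  return open(unwrapKey(privateKey, record.keys[name]), record.ciphertext);
}

// Key issuance: an existing recipient re-wraps the content key for a new one; the ciphertext is untouched.
function addRecipient(record, name, privateKey, newName, newPublic) {
  record.keys[newName] = wrapKeyFor(newPublic, unwrapKey(privateKey, record.keys[name]));
  return record;
}
```

Revoking a recipient in this sketch means deleting their wrapped-key entry and, for data they could already read, encrypting under a fresh content key.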
— Joe Stanganelli, principal of Beacon Hill Law, is a Boston-based attorney, corporate-communications and data-privacy consultant, writer, and speaker. Follow him on Twitter at @JoeStanganelli.
