The Rise Of Bring Your Own Encryption - InformationWeek

6/9/2015
11:30 PM
Sean McGrath

The Rise Of Bring Your Own Encryption

The BYOE security model gives cloud customers complete control over the encryption of their data. At the same time, cloud providers are finding innovative ways to let users manage encryption keys.

This year, much like last, has seen the security landscape evolve to meet ever-changing threats. As public cloud becomes the de facto standard, businesses are being forced to ask new questions of their security procedures.

Cyberattacks are no longer the only concern. The Snowden revelations had a crippling effect on cloud confidence. According to the “2014: The Year of Encryption Survey,” one-in-two people perceive the cloud to be less secure as a result of the Snowden affair, and 78% believed that the revelations will influence future IT provisioning.

On the back of the scandal, businesses are finding that they have to navigate an increasingly complex legal landscape. Data sovereignty is becoming a pressing issue, and even if a company knows exactly where its data resides, the possibility that it may fall into the wrong hands remains an ever-present threat.


The answer to the numerous security questions and concerns lies, of course, in encryption. The earliest forms of cryptography were found in hieroglyphs carved into monuments of the Old Kingdom of Egypt in 1900 BC. Up until the 1970s, secure cryptography was the preserve of government agencies, but the advent of asymmetric cryptography brought highly secure encryption into the public arena.

What Is BYOE And How Does It Work?

Bring your own encryption is a security model that gives cloud customers complete control over the encryption of their data by allowing them to deploy a virtualised instance of their own encryption software in tandem with the application they are hosting in the cloud. It is possible in this scenario for the end user to manage their encryption keys within the cloud; however, given the legal pressures that a cloud service provider (CSP) could potentially face, it would make little sense to encrypt data and then store the encryption keys in the same environment.

It’s not that the CSP can’t be trusted – far from it. Cloud providers have a vested interest in winning the trust of their customers by protecting data to the best of their abilities; but let’s just say, it would have been much easier to crack the Enigma code if the key were written on the side of the machine.

To further build on the BYOE model, we turn to bring your own key (BYOK). This is where the encryption keys are stored away from the cloud and controlled by the business, which maintains complete ownership of the data. Without the master key, the CSP cannot access the data, even if it were legally forced to do so.
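One common way to realise the BYOK arrangement described above is envelope encryption: each object gets its own data key, and only a wrapped copy of that key travels to the provider. The sketch below is an added example, not code from the article or from any provider; the names `CloudObject`, `seal`, `unseal`, `byok_encrypt` and `byok_decrypt`, and the choice of AES-256-GCM, are assumptions made for illustration.

```ruby
require 'openssl'

# Everything the provider stores; the master key is never part of it.
# (CloudObject and the function names below are hypothetical, for this example.)
CloudObject = Struct.new(:wrapped_key, :ciphertext)

# AES-256-GCM seal. Returns nonce (12 bytes) + tag (16 bytes) + ciphertext.
def seal(key, plaintext)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  c.key = key
  nonce = c.random_iv          # fresh nonce per call; never reuse with a key
  c.auth_data = ''             # no associated data in this example
  ct = c.update(plaintext) + c.final
  nonce + c.auth_tag + ct
end

# Reverse of seal. Raises OpenSSL::Cipher::CipherError on a wrong key or
# on any modification of the blob.
def unseal(key, blob)
  raise ArgumentError, 'blob too short' if blob.bytesize <= 28
  c = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  c.key = key
  c.iv = blob.byteslice(0, 12)
  c.auth_tag = blob.byteslice(12, 16)
  c.auth_data = ''
  c.update(blob.byteslice(28, blob.bytesize - 28)) + c.final
end

# Runs on-premises: a fresh data key per object, wrapped under the master key.
def byok_encrypt(master_key, plaintext)
  data_key = OpenSSL::Random.random_bytes(32)
  CloudObject.new(seal(master_key, data_key), seal(data_key, plaintext))
end

# Runs on-premises: only the master key holder can unwrap the data key.
def byok_decrypt(master_key, obj)
  unseal(unseal(master_key, obj.wrapped_key), obj.ciphertext)
end

if __FILE__ == $PROGRAM_NAME
  master = OpenSSL::Random.random_bytes(32)   # constructed key; stays on-premises
  obj = byok_encrypt(master, 'constructed sample record')
  puts "provider holds #{obj.wrapped_key.bytesize + obj.ciphertext.bytesize} opaque bytes"
  puts byok_decrypt(master, obj)
end
```

In a deployment like the Thales arrangement the article mentions, the wrap and unwrap steps would be performed inside the hardware security module rather than in application memory.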

While BYOE remains something of a pipe dream for software-as-a-service applications, both Amazon and Microsoft have introduced cloud-hosted key management systems in the forms of Amazon KMS and Microsoft Azure Key Vault. Microsoft also has teamed with Thales to create a true implementation of BYOK, where encryption keys reside in an on-premises hardware security module.

An increasing number of cloud providers are following suit, finding new and innovative ways to hand over control to the end user. While it’s still early days for BYOE and BYOK, ensuring security has never been a more paramount issue. Public cloud offers efficiencies and scalability, the likes of which have never been seen before; but its extraordinary benefits must be balanced against the increasingly complex security landscape.

While not every business is governed by strict security policies, any company that handles personal information is bound by data protection laws and as such has a responsibility to ensure that its data is fully secure. Any migration of data to the cloud should be preceded by a frank conversation with the CSP about some of the issues mentioned above.


Sean McGrath is a freelance IT writer, researcher, and journalist. He has written for PC Pro, the BBC, and TechWeekEurope, and has produced content for a range of private organizations. Although he holds a first class degree in investigative journalism, his dreams of being a ...
Comments
UlfM645,
User Rank: Apprentice
6/11/2015 | 5:40:29 PM
I like that Amazon and Microsoft have introduced cloud-hosted key management systems

I like that "Amazon and Microsoft have introduced cloud-hosted key management systems in the forms of Amazon KMS and Microsoft Azure Key Vault. Microsoft also has teamed with Thales to create a true implementation of BYOK, where encryption keys reside in an on-premises hardware security module." If the data is very sensitive you may not even want the encryption keys to be exposed in the cloud when encrypting or decrypting data. Gartner defined Cloud Encryption Gateways to deal with this requirement.

Ulf Mattsson, CTO Protegrity

schavali,
User Rank: Apprentice
6/11/2015 | 3:53:03 PM
Once Encryption keys are as easy as logging into a consumer app, then BYOE will take off
I truly believe BYOE is an important step in greater and more responsible security. However, I'm afraid the end users (not technical ones) are always afraid of pain/hassle of encryption unless it's done for them. I'm not sure we are there yet in making BYOE as easy as BYOD.

Overall, solid strategy and end goal.
nomii,
User Rank: Ninja
6/11/2015 | 8:05:09 AM
Re: just use .zip
@mack very right. For added advantage in a simple way for securing password, if you simply use an asterisk (*) at the start and end, it will make your password more secure.
macker490,
User Rank: Strategist
6/11/2015 | 7:41:49 AM
just use .zip
You have always had the option to use very good encryption: PKZIP

ZIP today uses AES/128 or AES256 encryption. Use a machine generated random password rather than "123456", "password", or "secret". (Do NOT use a word that's in the dictionary.)

ZIP does use a SYMMETRIC password: the decrypt key is the same as the encrypt key --so if you are communicating with another party you need to call the other party on the phone and give them the password.

High Quality Encryption is NOT news. It's been available for years.
vibhushan,
User Rank: Apprentice
6/10/2015 | 9:52:10 AM
BYOE (or BYOK) is a must to bring trust into SaaS framework
Completely agree with the proposition. For almost everything, there is a SaaS player now. Businesses - big or small - are readily sharing their data with their SaaS partners. For protection of this data on cloud, we certainly need to do better than just trusting the SaaS partners. It's not about SaaS partner going rogue, but you can never be certain about absolute foolproofness of their system. And as we very commonly see, often it is mistake of some internal staff that leads to data-leaks. In such case, encryption becomes your ultimate defense. And hence, bringing your own encryption makes so much sense. We also wrote about this on our blog here. But encryption remains a rare phenomenon - often because it's complicated, and also expensive. Industry now needs encryption delivered in as-a-service model, complete with features like BYOK.