The Rise Of Bring Your Own Encryption
The BYOE security model gives cloud customers complete control over the encryption of their data. At the same time, cloud providers are finding innovative ways to let users manage encryption keys.
June 9, 2015
This year, much like last, has seen the security landscape evolve to meet ever-changing threats. As public cloud becomes the de facto standard, businesses are being forced to ask new questions of their security procedures.
Cyberattacks are no longer the only concern. The Snowden revelations had a crippling effect on cloud confidence. According to the “2014: The Year of Encryption Survey,” one in two people perceive the cloud to be less secure as a result of the Snowden affair, and 78% believed that the revelations would influence future IT provisioning.
On the back of the scandal, businesses are finding that they have to navigate an increasingly complex legal landscape. Data sovereignty is becoming a pressing issue, and even if a company knows exactly where its data resides, the possibility that it may fall into the wrong hands remains an ever-present threat.
The answer to the numerous security questions and concerns lies, of course, in encryption. The earliest forms of cryptography were found in hieroglyphs carved into monuments of the Old Kingdom of Egypt in 1900 BC. Up until the 1970s, secure cryptography was the preserve of government agencies, but the advent of asymmetric cryptography brought highly secure encryption into the public arena.
What Is BYOE And How Does It Work?
Bring your own encryption is a security model that gives cloud customers complete control over the encryption of their data by allowing them to deploy a virtualised instance of their own encryption software in tandem with the application they are hosting in the cloud. It is possible in this scenario for the end user to manage their encryption keys within the cloud; however, given the legal pressures that a cloud service provider (CSP) could potentially face, it would make little sense to encrypt data and then store the encryption keys in the same environment.
It’s not that the CSP can’t be trusted – far from it. Cloud providers have a vested interest in winning the trust of their customers by protecting data to the best of their abilities; but let’s just say, it would have been much easier to crack the Enigma code if the key were written on the side of the machine.
To further build on the BYOE model, we turn to bring your own key (BYOK). This is where the encryption keys are stored away from the cloud and controlled by the business, which maintains complete ownership of the data. Without the master key, the CSP cannot access the data, even if it were legally forced to do so.
While BYOE remains something of a pipe dream for software-as-a-service applications, both Amazon and Microsoft have introduced cloud-hosted key management systems in the forms of Amazon KMS and Microsoft Azure Key Vault. Microsoft has also teamed with Thales to create a true implementation of BYOK, where encryption keys reside in an on-premises hardware security module.
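To make the BYOK arrangement described above concrete, here is an added example in Go (not code from the article, nor from Amazon, Microsoft or Thales). Each record is encrypted under its own data key, and only a copy of that key wrapped under the customer's master key is handed to the provider; the master key is a plain 32-byte value standing in for one held in an on-premises HSM, where in practice the wrap and unwrap would run without the key ever leaving the module.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// StoredObject is everything the cloud provider holds: two AES-256-GCM blobs, neither of which it can open.
type StoredObject struct {
	Ciphertext []byte // nonce || record encrypted under a per-record data key (DEK)
	WrappedDEK []byte // nonce || DEK encrypted under the customer's off-cloud master key
}
func randomBytes(n int) []byte { // CSPRNG failure is fatal: nothing below is safe without it
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
// seal encrypts and authenticates plaintext behind a fresh random nonce.
func seal(key [32]byte, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key[:]) // a fixed 32-byte key: neither constructor can fail
	gcm, _ := cipher.NewGCM(block)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; a wrong key or a single altered byte yields an error, never garbage.
func open(key [32]byte, sealed []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed blob too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}
// Encrypt is the customer's step: only the ciphertext and the wrapped DEK go to the cloud.
func Encrypt(masterKey [32]byte, record []byte) StoredObject {
	dek := [32]byte(randomBytes(32))
	return StoredObject{Ciphertext: seal(dek, record), WrappedDEK: seal(masterKey, dek[:])}
}
// Decrypt must unwrap the DEK first; without the master key the provider (or anyone
// compelling it) is left with two opaque blobs.
func Decrypt(masterKey [32]byte, obj StoredObject) ([]byte, error) {
	raw, err := open(masterKey, obj.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return open([32]byte(raw), obj.Ciphertext)
}
```

Rotating the master key means re-wrapping only the small WrappedDEK blobs, not re-encrypting every record, which is why the two-layer layout is used in practice.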
An increasing number of cloud providers are following suit, finding new and innovative ways to hand over control to the end user. While it’s still early days for BYOE and BYOK, security has never been a more pressing issue. Public cloud offers efficiencies and scalability the likes of which have never been seen before, but its extraordinary benefits must be balanced against the increasingly complex security landscape.
While not every business is governed by strict security policies, any company that handles personal information is bound by data protection laws and as such has a responsibility to ensure that its data is fully secure. Any migration of data to the cloud should be preceded by a frank conversation with the CSP about the issues mentioned above.
Interop, the flagship event of London Technology Week, takes place at ExCeL London June 16 to 18 2015.