MessiandNeymar

Tuesday, November 13, 2012

Data security in the cloud

Posted on 3:31 PM by Unknown

There's lots to chew on in this strongly-worded editorial on the website NextGov.com: Op-ed: Encryption, not restriction, is the key to safe cloud computing.

The specter of non-U.S. citizens having physical control over and access to U.S. data understandably gives the government pause. The same is true of almost every other country in the world.

As a result, many federal, state and local governments and agencies are starting to require that their data remain within geographic control.

Taking this school of thought further, the U.S. government is engaged in an opaque rule-making process that is poised to create a requirement that federal data be stored at a U.S. location and handled only by U.S. citizens.

As hinted at by the title of their editorial, the authors suggest that this is the wrong direction to proceed.

There is an easier solution -- encryption at rest. A system of encryption where the customer controls the encryption keys solves many of the security problems that have bedeviled public clouds for the government. It would eliminate the need to insist on U.S.-only location for government cloud data centers and support personnel. All that is required is to implement an architecture that enables customers to apply encryption to data at rest before that data is transitioned to the cloud and for their customers to be the sole holders of their own encryption keys.

But as the article notes, the main objection to this proposal is not technological, but financial:

Why do some in the industry resist this solution?

In part it is because encryption with customer controlled keys is inconsistent with portions of their business model. This architecture limits a cloud provider’s ability to data mine or otherwise exploit the users’ data. If a provider does not have access to the keys, they lose access to the data for their own use. While a cloud provider may agree to keep the data confidential (i.e., they won’t show it to anyone else) that promise does not prevent their own use of the data to improve search results or deliver ads. Of course, this kind of access to the data has huge value to some cloud providers and they believe that data access in exchange for providing below-cost cloud services is a fair trade.

Remember: if you don't know what the product is, the product is you.
