Encryption in the Clouds

Data protection in the cloud is becoming a more complex problem because the user does not know where in the cloud the information is processed. It is therefore important to protect the data with encryption. It is not always clear what should be encrypted, and how, so that information does not leak out, while at the same time the encryption should not hurt the performance of cloud computing services. In fact, security and processing efficiency are the two major problems found in research on cloud computing. Let us try to understand how to reconcile the two. The primary means of data protection is cryptography.

However, you can encrypt data at different levels. First, consider the structure of a typical cloud application. It consists of a storage subsystem, a database, an application server, web server hosting, the network and a client application. Now look at what encryption at each of these levels covers.

Encrypted Disk: This can be a separate virtual disk that is mounted to a virtual machine in the cloud. This encryption protects against leakage of the entire virtual disk, for example during backup. It also protects against insiders on the operator's side and against attacks by other users. However, if an intruder has penetrated the virtual machine to which the disk is mounted, such encryption cannot protect the data. In fact, these are the same encryption products that are used to encrypt server drives.

Encryption of Records: You can implement encryption at the database level, encrypting the individual table fields that contain the most valuable data. This encryption can be implemented either in the database itself or by the application server, which works directly with the database. It is possible to organize the system so that a table field that is used for database searching is also encrypted. Such a scheme will not slow down selection by those fields, since no decryption takes place.
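One way to organize the searchable encrypted field described above, as an added example that is not code from the original article. The table layout, key names and function names are assumptions, and the stream cipher is a standard-library stand-in for AES-GCM; the keyed search token is a common "blind index" technique, not something the article names.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed demo keys (assumption): in practice they are held by the
# application server or a key manager, never stored in the database.
ENC_KEY = hashlib.sha256(b"demo-enc-key").digest()
IDX_KEY = hashlib.sha256(b"demo-index-key").digest()

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stand-in cipher: HMAC-SHA256 in counter mode, with no integrity tag.
    # Real code should use AES-GCM from a vetted library instead.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_field(plaintext: str) -> bytes:
    data = plaintext.encode()
    nonce = os.urandom(16)  # fresh nonce: equal values give different blobs
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt_field(blob: bytes) -> str:
    nonce, ct = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def search_token(value: str) -> bytes:
    # Keyed, deterministic token of the normalized value. The database can
    # index and compare it, but cannot invert it without IDX_KEY.
    return hmac.new(IDX_KEY, value.strip().lower().encode(), hashlib.sha256).digest()

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email_token BLOB, email_enc BLOB, card_enc BLOB)")
    db.execute("CREATE INDEX idx_email ON customers (email_token)")
    return db

def insert_customer(db, email: str, card: str) -> None:
    db.execute("INSERT INTO customers VALUES (?, ?, ?)",
               (search_token(email), encrypt_field(email), encrypt_field(card)))

def find_card(db, email: str):
    # The lookup is an indexed equality match on the token; nothing is
    # decrypted until the matching row has been found.
    row = db.execute("SELECT card_enc FROM customers WHERE email_token = ?",
                     (search_token(email),)).fetchone()
    return decrypt_field(row[0]) if row else None
```

Because the token is deterministic, the token column reveals which rows share the same e-mail value; that is the price of searching without decryption.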

Encrypting the Virtual Machine: Since a cloud virtual machine is an ordinary set of image files in storage, together with its processes, access to these files may give an attacker a lot of valuable information. It would therefore be good to encrypt the virtual machines themselves when they are transferred between hosts and when they are stored in an inactive state. Unfortunately, this encryption mechanism must be implemented at the hypervisor level, that is, by the virtualization provider.

Encrypt Communication Channels: You need to encrypt communications between the cloud and the client in order to prevent interference with this interaction and to protect against attacks such as man-in-the-middle. Here the established solution is the SSL protocol with hardware acceleration at the entrance to the cloud. Perhaps a more correct architecture would carry SSL encryption directly into the virtual machine, but this also needs to be supported at the level of the hypervisor or the virtual network driver.

Each of these encryption methods has advantages and disadvantages, and each requires a different approach to programming and its own mechanisms for distributing keys. It is clear that encryption is only one part of protecting the cloud. Making it work takes effort not only from the customer who wants to keep the data secure, but also from the cloud computing provider and the operator of its software.

