In a sense, security in the Cloud is encryption dependent. Encryption is regarded as one of the most critical elements in securing data and is an important criterion when selecting a Cloud service provider. As a result, the type of encryption used, the robustness of the algorithm, the process of decryption, and the key management are core to the public, private or hybrid Cloud security system.
A Cloud encryption implementation must support the following:
- Data and Application Performance: The encryption should not degrade data and application performance. Users must have a uniform experience across the network after the data is encrypted and stored in the Cloud databases. The encryption/decryption process should not introduce network latency or slow down time to recovery.
- Compliance: Compliance with extant mandates is a business imperative. Digital assets (both current and historical) must be secured against unauthorized access, accessible to authorized users, and auditable. The encryption used must be in sync with the requirements specified in the various legislations such as PCI-DSS or Data across Borders.
- Data Protection: Data must be protected against breach during transit and at rest. The encryption key management must be state-of-the-art. Policy-based access controls must be implemented. Risks posed by exposure of customer data to the Cloud must be evaluated and averted.
- Aversion of Potential Threats: The Cloud system must provide raw security intelligence about data access, and the encryption’s ability to withstand the assault of unauthorized access must be recorded for evaluation and control. The Security Information and Event Management (SIEM) solution that comes with the Cloud backup and recovery software must recognize persistent threats and alert the system administrators instantly.
More importantly, the encryption system should be:
- Scalable: The encryption algorithm should be able to accept any type of user-defined key and encrypt any volume of data.
- Transparently Manageable: The system should use a seamless key management feature and should be transparent to the users and applications. It should not interfere with existing processes, and it should deliver the same user experience across the network; its construct should be simple, elastic and efficient.
- Fine Grained: Access controls in the encryption system must be fine-grained, and must support detailed policy-based definitions of duties with a high degree of security. Cloud administrators, root network system administrators, and unauthorized individuals or systems should not be allowed access to the information.