If you are exploring cloud concepts, you must have encountered the terms OpenSSL and FIPS 140-2. While OpenSSL is a security protocol implemented by browsers, FIPS 140-2 is a certification of compliance with standards provided by the US Federal Information Processing Standards (FIPS).
Cryptographic modules are used by cloud backup service providers to ensure the security of customer information. The OpenSSL FIPS object module gains considerable importance in the context of deploying SaaS (Software as a Service) applications. Data is encrypted at source before transmission and remains encrypted at rest to prevent unauthorized access to customer information. The module is also commonly used to achieve enterprise compliance with legal mandates such as HIPAA and PCI DSS, which stipulate that personal information of the customer must not be accessible to unauthorized entities.
OpenSSL is a non-validated open source software component that was originally developed by Eric A. Young and Tim J. Hudson. They wanted to provide Internet users with a robust, commercial-grade, full-featured toolkit for implementing full-strength, general-purpose cryptographic libraries. The concept of the OpenSSL FIPS object module was later taken up and is managed by a worldwide group of volunteers to provide a validation standard for OpenSSL. It was naturally adopted by cloud backup services for their cryptographic systems. The software is distributed with an Apache-style license, which means that it is free and can be used for commercial and non-commercial purposes, subject to the general licensing conditions, so cloud backup service providers have adopted it with enthusiasm.
The OpenSSL FIPS object module for cloud backup creates compatibility between the OpenSSL API and FIPS 140-2 by limiting the SSL-based implementation to the TLS mode. It is unique in that it freely delivers source code to users (e.g. cloud backup service provider software) and permits them to build it (as per documented instructions) for their specific platform. If vast changes are made to the source code and the documentation is not followed, cloud backup service providers must obtain their own validation, known as “Private Label Validations” or “Cookie Cutter” validations. This can be very expensive.
The OpenSSL FIPS object module has been tested and works well with a number of operating systems, such as Windows and multiple flavors of Linux, including Fedora, Ubuntu, uClinux, CascadeOS, Scientific and Oracle Linux, HP-UX, VxWorks, and Solaris. The approved algorithms include AES, DRBG, DSA, HMAC, RNG, RSA, SHS, Triple DES, ECDSA and CVL.
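A small audit check for the two constraints described above (TLS-only operation and the approved algorithm list), added here as an example and not code from the OpenSSL project. The hostnames and inventory lines are constructed, and the mapping from OpenSSL cipher-suite name tokens to the page's algorithm names is an assumption; key-agreement tokens are skipped because the page's list does not name them.

```python
import re

# Assumed mapping from OpenSSL suite-name tokens to the algorithm names
# listed on this page (AES, DSA, RSA, SHS, Triple DES, ECDSA).
TOKEN_TO_ALGO = {"AES": "AES", "RSA": "RSA", "DSS": "DSA",
                 "ECDSA": "ECDSA", "SHA": "SHS", "3DES": "Triple DES"}
MODE_TOKENS = {"GCM", "CBC", "CCM"}                      # block modes, not algorithms
KEY_AGREEMENT = {"ECDHE", "ECDH", "DHE", "DH", "EDH"}    # not judged by this example

# Constructed sample inventory: endpoint, negotiated protocol, cipher suite.
SAMPLE_INVENTORY = """\
backup01.example.internal:443 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
backup02.example.internal:443 TLSv1.2 DES-CBC3-SHA
backup03.example.internal:443 SSLv3 RC4-MD5
backup04.example.internal:443 TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305
backup05.example.internal:443 TLSv1 DHE-DSS-AES128-SHA
"""

def audit_suite(protocol, suite):
    """Return a list of findings for one negotiated protocol/suite pair."""
    findings = []
    if not protocol.startswith("TLS"):
        findings.append(f"protocol {protocol} is not TLS")
    # OpenSSL spells Triple DES as the two tokens DES-CBC3; fold them first.
    for token in suite.replace("DES-CBC3", "3DES").split("-"):
        base = re.sub(r"\d+$", "", token)   # AES256 -> AES, SHA384 -> SHA
        if base in MODE_TOKENS or base in KEY_AGREEMENT:
            continue
        if base not in TOKEN_TO_ALGO:
            findings.append(f"{token} is not on the page's algorithm list")
    return findings

def audit_inventory(text):
    """Map each non-conforming endpoint to its findings."""
    report = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        endpoint, protocol, suite = line.split()
        findings = audit_suite(protocol, suite)
        if findings:
            report[endpoint] = findings
    return report

if __name__ == "__main__":
    for endpoint, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(endpoint, "->", "; ".join(findings))
```

A clean result here only means the suite names use algorithms from the page's list over TLS; it does not show that the endpoint is running a validated build of the module.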