The biggest challenge for the Cloud is data security. The Cloud service provider needs to demonstrate expertise in meeting this challenge if the customer is to build confidence in the service. Several of these areas are addressed by the use of the Secure Sockets Layer (SSL) in Cloud services.
The Web uses the Secure Sockets Layer (SSL) to protect data during transfers to and from remote servers. This is an established standard for trusted exchanges and is ubiquitous. SSL sits between the application layer and the transport layer. When used with the Internet, it sits above the Transmission Control Protocol (TCP) layer. Applications that normally work with TCP can be made to work with SSL.
Cloud services use this technology to secure data that is transferred over the Internet at any given point in time. It comes into play when data is moved between servers in the Cloud or between a server and the web browser. It delivers two types of services: encryption, and the establishment of trusted servers and domains by validating authentication certificates issued by third-party certifying authorities.
Authentication of the Cloud server providing the services is important. It is checked every time an SSL handshake is initiated. Unless the certificate is compromised in some way, the authentication by SSL is a failsafe mechanism. A query is sent to the certifying authority to validate the certificate. The validation standard is either the Online Certificate Status Protocol (OCSP) or a Certificate Revocation List (CRL), with the former being considered more reliable. If the query is sent over OCSP, a yes or no is returned regarding the revocation status of the certificate. This helps recognize rogue servers that attempt to pass themselves off as legitimate servers, and so helps prevent data breaches.
SSL uses a sophisticated architecture with built-in checks and balances to ensure the security of transactions over the Internet. It relies on cryptographic features including ciphers, hash algorithms, and key exchange mechanisms. The SSL certificate works when there is a combination of a pre-defined public key and a private key, and the information is verified against the certifying authority’s database. Once the authenticity of the server is established, the SSL handshake happens and data security, privacy and integrity are ensured.
Improperly used SSL can be problematic. It gives the user a sense of security without providing the required security in real time. Therefore, it is important to ensure that the Cloud service provider is using SSL correctly and effectively in rendering the service to the customer. The certificates for the servers must be kept up to date and checked rigorously and frequently for errors.
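As an added example (not part of the original article), the Python code below shows one way to run the routine certificate checks described above: validity dates, a host name match, and whether the certificate carries an OCSP or CRL pointer that a revocation query could use. It assumes the dictionary layout returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, host names and sample certificate are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification; return the peer cert dict."""
    ctx = ssl.create_default_context()  # verifies chain and name, but queries no OCSP/CRL
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _name_matches(pattern, host):
    """Exact match, or a single leftmost '*' label (as in *.example.test)."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit_cert(cert, host, now=None, warn_days=30):
    """Return a list of findings for a dict shaped like SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    findings = []
    not_before = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notBefore"]), timezone.utc)
    not_after = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if now < not_before:
        findings.append("not yet valid")
    if now >= not_after:
        findings.append("expired")
    elif (not_after - now).days < warn_days:
        findings.append(f"expires in {(not_after - now).days} days")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(_name_matches(n, host) for n in dns_names):
        findings.append("hostname not in subjectAltName")
    if not cert.get("OCSP") and not cert.get("crlDistributionPoints"):
        findings.append("no OCSP or CRL pointer for revocation checks")
    return findings

# Constructed sample in the getpeercert() layout, not a real certificate.
SAMPLE = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "*.cloud.example.test"),),
    "OCSP": ("http://ocsp.ca.example.test",),
}

if __name__ == "__main__":
    print(audit_cert(SAMPLE, "api.cloud.example.test", now=datetime(2024, 2, 15, tzinfo=timezone.utc)))
```

Running `audit_cert(fetch_cert(host), host)` on a schedule for each server turns "kept up to date and checked" into an alert that fires before a certificate lapses.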