The General Services Administration (GSA) has vowed to be the first department to utilize cloud-computing capabilities as part of the Obama administration’s “cloud-first” strategy. This program is meant to lower the increasing costs associated with IT departments and consolidate federal data centers. The new initiative requires agencies to identify three “must-move” IT services that can take advantage of cloud computing applications by late 2012.
While cost reductions and technology updates are both bold and necessary goals, many government agencies are rightfully apprehensive about adopting this technology quickly, as there are numerous concerns surrounding data security. Creating an environment suitable to meet the needs of government agencies is a daunting task.
The CIOs of government agencies fear that full cloud integration may reduce their control over sensitive data. Traditional security measures can become increasingly transparent as they move to the cloud, blurring the distinction between insiders and outsiders and leaving security to rest on staff who possess minimal control. Even worse, in a shared, multi-tenant environment, the need to worry about compromised sensitive data increases.
Will the cloud ever be trusted with the nation’s intelligence secrets? Or should only specific classes of data be safely moved to the cloud, negating risks to mission-critical data? In most cases, adopting a data-centric approach to security gives a solid starting point, which leads to other questions, such as who should be responsible for applying that protection and who should hold control of it.
Using cryptography to secure the cloud
Cryptography, which dates back many centuries, works by rendering data unreadable to those who cannot convert it back to its original form. The implication here is that if a data breach were to occur, the data is essentially useless without the ‘key’ to decrypt it. When evaluating security claims made by cloud providers, it is imperative to consider the type of data that would be secured. Nonetheless, the concept of a ‘secure’ storage environment boils down to several important factors, the most important being the value of the data itself, and what the implications are if it were to be successfully compromised.
Who should protect data in the cloud?
There are two ways to look at this – either the cloud provider has the necessary security perimeters in place, or it doesn’t. If the provider can’t offer guaranteed, adequate levels of protection, the responsibility for encryption then falls on the government agency in question. Leaving data encryption to the agency ensures that only secure data ever leaves its control, subsequently reducing the impact potential threats may pose to cloud providers. While this may seem like the end-all, be-all solution to the problem, this strategy could limit what operations can be performed in the cloud, since it becomes more difficult to handle encrypted data.
Key management and what it means for you
Who handles the keys and who has access to them must be addressed when assessing the overall encryption security model. The cloud provider could potentially handle the keys for network or even basic storage-level encryption, allowing agencies to focus fewer resources on handling less important data keys. However, these keys may span multiple tenants, each of whom will have limited or no control over them. In a multi-layer approach, this is a good preliminary level of protection, but it offers nothing in terms of segregated protection. The only means of achieving complete isolation between tenants is to have keys dedicated to each specific tenant. However, these keys may still be accessible by the cloud provider, which highlights the vulnerability to insider attacks, something that for many is unacceptable.
Government agencies often have no choice but to manage the keys within their own environments, which is important because, at the end of the day, it is the government’s responsibility to be accountable for that protection.
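
The model described in the two sections above (encrypt before data leaves the agency, with a key dedicated to each tenant and held outside the cloud) can be shown in a few lines. This is an added example, not code from the article: it assumes the Python `cryptography` package, and the function names, tenant identifiers and the HKDF-from-master-key derivation are hypothetical choices made for illustration.

```python
# Added illustration; all names and sample values here are constructed.
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF


def tenant_key(master_key: bytes, tenant_id: str) -> bytes:
    """Derive a 256-bit key dedicated to one tenant from a master key kept off-cloud."""
    return HKDF(
        algorithm=hashes.SHA256(),
        length=32,
        salt=None,
        info=b"tenant-data-key:" + tenant_id.encode(),
    ).derive(master_key)


def seal(key: bytes, tenant_id: str, plaintext: bytes) -> bytes:
    """Encrypt before upload; the tenant id is bound in as associated data."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, tenant_id.encode())


def can_open(key: bytes, tenant_id: str, blob: bytes) -> bool:
    """True only if this key and tenant id match the ones used to seal the blob."""
    try:
        AESGCM(key).decrypt(blob[:12], blob[12:], tenant_id.encode())
        return True
    except InvalidTag:
        return False


def demo() -> dict:
    master = os.urandom(32)  # constructed; in practice held by the agency, e.g. in an HSM
    key_a = tenant_key(master, "tenant-a")
    key_b = tenant_key(master, "tenant-b")
    record = b"constructed sample record"
    blob = seal(key_a, "tenant-a", record)  # this is all the provider ever stores
    return {
        "plaintext_visible_in_blob": record in blob,
        "owner_can_open": can_open(key_a, "tenant-a", blob),
        "other_tenant_key_opens": can_open(key_b, "tenant-a", blob),
        "relabelled_blob_opens": can_open(key_a, "tenant-b", blob),
    }


if __name__ == "__main__":
    print(demo())
```

Because the provider holds only the sealed blob, anything it does server-side (search, indexing, deduplication) has to work without the plaintext, which is the operational limit the article notes.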
Robust and trustworthy cryptography
Wherever encryption is utilized and whoever retains liability for managing the keys, it is crucial to evaluate the integrity and reliability of the systems in use. While the encryption algorithms themselves are essentially unbreakable, they are of little value if the keys are susceptible to attack. Having known this for years, government agencies have deployed tamper-resistant systems, such as hardware security modules, to reduce the prevalence of security breaches and to provide confidence in security, an approach that is likely to carry over to the cloud.
Migrating to the cloud
Cloud computing opens new doors for government agencies to address seemingly conflicting goals – increased flexibility, storage and responsiveness – all while reducing operational costs. Government agencies must examine the necessary protection requirements of their data assets and choose security policies accordingly. Strong cryptography can offer fail-safe protection for data and deliver strong segregation, and managing the keys to the data can provide the means to retain control.
About the Author: As Vice President of Product Management and Strategy, Richard contributes his well-respected data protection expertise and thought leadership to the information technology security activities of Thales. Richard has helped Thales take the lead in redefining the boundaries of encryption management for global enterprises. Richard holds a bachelor’s degree in electrical engineering from Birmingham University and an MBA from Warwick University, UK.