Edward Snowden's leaks about NSA spying may have brought the issue of cloud security to broad public attention, but some enterprise users were already concerned about how to take advantage of cloud-based applications while keeping their data safe.
As a result, enterprises, cloud-based application vendors, and security startups have all been trying to come up with ideas to make clouds more secure.
The heart of the issue is that a cloud-based software-as-a-service (SaaS) provider must see the data in order to do anything useful with it. For example, an online word processing application must be able to read the document in order to offer spell checking capabilities. An online storage vendor must be able to read stored documents in order to allow users to search for just the ones they need.
Since the cloud vendor must be able to see the actual data at some point, that is when a rogue employee, a hacker, or a government agency might step in and grab a copy of it.
Some enterprises are choosing to forgo the cost savings and convenience of cloud apps and are switching back to on-premises software. According to an August report from the Information Technology & Innovation Foundation, the U.S. cloud computing industry could lose between $22 and $25 billion over the next three years as a result of security concerns.
To address this problem, SaaS vendors and their customers are turning to a new crop of security solutions for the cloud.
In general, these fall into two major categories: on-premises gateways that encrypt or tokenize data before passing it on to the cloud vendor, and third-party encryption appliances that limit vendor access to data while allowing the customer to control the keys.
Proxies and gateways
With a proxy or gateway, an enterprise installs an encryption appliance on premises, in a data center they control, or even in a virtual machine with a public cloud provider like Amazon. Company users looking to access their favorite cloud services are sent to the proxy instead, where, completely invisible to the user, the data is encrypted or tokenized before it goes out, and decrypted when it comes back in.
This approach is particularly attractive to companies in Europe, where regulations constrain the degree to which some types of data can cross national borders.
The cloud vendor never actually sees the data in plain form, even while working with it. Gateway vendors use various tactics to ensure that the cloud vendor can work with the data even when it's encrypted.
San Jose-based CipherCloud Inc., one of the leading vendors in this space, saw a 200 percent increase in revenues this summer after the NSA leaks came out compared to the same time last year.
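The gateway flow described above, as an added Python sketch that is not taken from the article or from any vendor's product: sensitive fields are swapped for tokens on the way out and restored on the way back. The class, its method names, the sample records and the choice of keyed deterministic tokens (one possible tactic for letting the provider run exact-match searches on data it cannot read) are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class TokenizingGateway:
    """Hypothetical on-premises gateway; all names here are illustrative."""

    def __init__(self, sensitive_fields, key=None):
        self.sensitive_fields = set(sensitive_fields)
        self._key = key or secrets.token_bytes(32)  # stays with the enterprise
        self._vault = {}  # token -> plaintext, stored on premises only

    def _token(self, field, value):
        # Keyed, deterministic token: equal inputs give equal tokens, so the
        # provider can match records exactly without reading the values.
        msg = f"{field}\x00{value}".encode()
        return "tok_" + hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]

    def outbound(self, record):
        """Replace sensitive string fields with tokens before upload."""
        out = dict(record)
        for field in record.keys() & self.sensitive_fields:
            if isinstance(record[field], str):
                out[field] = self._token(field, record[field])
                self._vault[out[field]] = record[field]
        return out

    def inbound(self, record):
        """Restore plaintext in a record coming back from the provider."""
        out = dict(record)
        for field in record.keys() & self.sensitive_fields:
            if isinstance(record[field], str):
                out[field] = self._vault.get(record[field], record[field])
        return out

    def search_term(self, field, value):
        """Token to send instead of the plaintext in an exact-match query."""
        return self._token(field, value)

def demo():
    gw = TokenizingGateway({"name", "ssn"})
    cloud = []  # constructed stand-in for the SaaS provider's storage
    for rec in ({"id": 1, "name": "Alice Example", "ssn": "000-00-0001"},
                {"id": 2, "name": "Bob Example", "ssn": "000-00-0002"}):
        cloud.append(gw.outbound(rec))
    wanted = gw.search_term("name", "Bob Example")
    hits = [r for r in cloud if r["name"] == wanted]  # runs provider-side
    return cloud, [gw.inbound(r) for r in hits]

if __name__ == "__main__":
    print(demo())
```

Deterministic tokens reveal to the provider which records share a value, so this trade-off suits fields that must be searchable; fields that never need matching can use random tokens or randomized encryption instead.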