The idea of encryption is as old as the concept of written language, but with the spread of literacy, ever more care had to be taken to make sure that only the privileged few can read the hidden message. Today’s encryption typically relies on some sort of “key” to unlock and make sense of the message it contains, and that adds a new level to the problem: now the message is secure, the focus shifts to protecting the key.
In the case of access to cloud services: if we are encrypting data because we are worried about its security in an unknown cloud, why then should we trust the same cloud to hold the encryption keys? Hot on the heels of BYOD – or “Bring Your Own Device” to the workplace – come the acronym for Bring Your Own Key (BYOK).
Microsoft recently announced a new solution using HSMs (Hardware Security Modules) – so that an enterprise customer can use its own internal HSM to produce a master key that is then transmitted to the HSM within the Windows Azure cloud. This provides secure encryption and means that not even Microsoft can read it – because they do not have the master key hidden in the enterprise HSM.
It is not so much that enterprises cannot trust Microsoft, but more to do with legal complexities. In the wake of Snowden revelations, it is becoming known that even the best protected data might be at risk from a government or legal subpoena demanding to reveal its content. Under this BYOK system, however, Microsoft cannot be forced to reveal the enterprise’s secrets because it cannot access them itself, and the responsibility lies only with the owner.
This is increasingly important because of other legal pressures that insist on restricting access to certain types of data. A government can, for example, forbid anyone from allowing data of national importance to leave the country – no simple matter in a globally connected IP network. There are also increasing legal pressures on holders of personal data to guarantee levels of privacy.
BYOK does give the customer ultimate control over his key – but are customers happy with the encryption provided or might they want even greater protection? Alternatively, if the encryption adds latency or inconvenience some might opt for greater nimbleness at the cost of lighter encryption.
The answer would be to go a step further, and deploy their own choice of encryption algorithms or processes. Welcome to the domain of BYOE (Bring Your Own Encryption).
It is always necessary to balance security against efficiency. Consider an enterprise using the cloud for deep mining of sensitive customer data. This requires so much computing power that only a cloud provider can do the job, and that means trusting private data to be processed in a cloud service. This could infringe regulations, unless the data is protected by suitable encryption. But how can the data be processed if the provider cannot read it?
“Homomorphic encryption” means that one can perform certain processes on the encrypted data, and the same processes will be performed on the source data without any need to de-crypt the encrypted data. This usually implies arithmetical processes: so the data mining software can do its mining on the encrypted data file while it remains encrypted, and the output data, when decrypted, will be the same output as if the data had been processed without any intervening encryption.
Consider those automatic coffee vendors that grind the beans, heat the water and add milk and sugar according to which button was pressed: the operator does not know what type of coffee bean is used, whether tap, filtered or spring water or whether the milk is whole cream, skimmed or soya. All you know is that what comes out will be a cappuccino with no sugar. In the data mining example: what comes out might be a neat spread-sheet summary of customers’ average buying habits based on millions of past transactions, without a single personal transaction detail being visible to the cloud’s provider.
The problem with the cloud provider allowing the users to choose their own encryption, is that the provider’s security platform has to be able to support the chosen encryption system. As an interim measure, the provider might offer a choice from a range of encryption offerings that have been tested for compatibility with the cloud offering, but that still requires one to trust another’s choice of encryption algorithms. A full homomorphic offering might be vital for one operation, but a waste of money and effort for other processes.
The call for standards
For BOYE to become a practical solution we need a global standard cloud security platform, such that any encryption offering can be registered for support by that platform. The customer chooses a cloud offering for its services and for its certified “XYZ standard” security platform, then the customer goes shopping for an “XYZ certified” encryption system that matches its particular balance between security and practicality.
Just as in the BYOD revolution, this decision need not be made at an enterprise level, or even by the IT department. BYOE, if sufficiently standardised, could become the responsibility of the department, team or individual user. What if you prefer to use your very own implementation of your own encryption algorithms? All the more reason to want a standard interface!
This approach is not so new for those of us who remember the Java J2EE Crypto library – as long as we complied with the published interfaces, anyone could use their own crypto functions. This “the network is the computer” ideology becomes all the more relevant in the cloud age. As the computer industry has learned over the past 40 years, commonly accepted standards and architecture (for example the Von Neumamm model or J2EE Crypto) play a key role in enabling progress.
Creating such a standard is just one more aspect to the CloudEthernet Forum’s (CEF’s) mission to prevent the cloud from fragmenting into incompatible offerings and vendor lock-in by rival providers. BYOE could prove every bit as disruptive as BYOD – unless the industry can ensure that users choose their encryption from a set of globally sanctioned and standardised encryption systems or processes.
If business is to reap the full benefits promised by cloud services, it must have the foundation of such an open cloud environment.