The skill of cryptography was primarily developed for war. It was a secure means of transmitting military tactics and war updates to one’s own army or allies. Even if this info was intercepted en route, the unintended recipient could not make any sense out of this information.
Once this encrypted info reached its intended destination, it was first decrypted or converted into an understandable form. This proved to be a highly effective means of sharing classified information from one point to the other.
Also Read: Security is Our Core Philosophy
Fast forward to the present age of information technology in which nations are no longer judged by the number of soldiers, tanks or fighter jets. Only those nations occupy today’s center stage that have excelled in technology and innovation.
Today’s means of transmitting information are parallel to the speed of light. This has shrunk the globe into a small ecosystem in the context of information sharing. A piece of info will take a few moments to reach its recipient thousands of miles away.
Encryption and the IT Industry
The basic concept of encryption remains the same but the key players have changed with time. Big military powers have been replaced with tech giants that are leading global innovation. The adversaries are either fierce business competitors or cyber criminals that are in the lookout for the slightest hint of intelligible information.
Today’s entities cannot even think of functioning efficiently without leveraging the power of the internet. This reliance will involve transmitting vast amounts of data and information over the internet. Any entity that transmits sensitive or intelligible info over the internet cannot survive without deploying strong encryption.
In a regular internet based environment, the role of encryption was to secure sensitive data while it is in transit from one point to the other. However, as reliance on the internet has steadily increased, the traditional data encryption model is proving inadequate.
Present Data Encryption Needs
With phenomenally increased cyber-attacks, the needs for encrypting data are evolving quite fast. A modern encryption solution should ideally be capable of protecting the data at rest, in transit and most astonishingly, when it is being used for various computations over the public cloud infrastructure.
Data and Compliance Concerns
Today, intelligible and actionable data is perhaps the most valuable commodity for any business. It is for this very reason that today’s data companies are minting billions of dollars merely from selling vast heaps of data. This data in fact acts as the starting point for designing new products and services.
However, today’s regulators are getting much more stringent when it comes to collecting, processing and most importantly, selling this data for financial gains. There are two aspects to this problem. Firstly, people are getting fed up from the stealthy and misleading tactics that are used to collect a person’s data.
Secondly, once this data is sold to business concerns as a stream of potential revenue generating leads, it becomes a total nuisance for the people who were part of this data. Presently, the tolerance level for using data in such a brazen manner is diminishing really fast and no longer a viable option.
Cloud Solutions and Encryption
Organizations are rapidly deploying cloud computing solutions for the obvious benefits of flexibility, scalability and efficiency. Another increasing trend within cloud deployment is that more and more organizations are switching to the public cloud managed by various Cloud Service Providers (CSPs).
In the case of a public cloud solution, all the business critical data will be stored in the data centers of the CSP. However, there is a regular to and fro movement of this data from a company’s own network to the infrastructure of the CSP. This implies that in the case of a cloud solution, the need for data encryption is twofold.
Firstly, the data must be stored in the data centers of the CSP in encrypted form. Secondly, when this data is in transit to or from the CSP to the cloud tenant, it should also be in encrypted form. Even if data integrity is compromised due to a cyber-attack, the data is of no use to the perpetrator.
The Loophole in Cloud Data Encryption
All the above discussion begs the question that if today’s cloud based solutions are so well encrypted and secured, why does the question of cyber security keep resurfacing every now and then. Let’s highlight a major loophole of cloud based solutions in the specific context of data encryption.
When the data is residing idly in the data center of the CSP, it is fully encrypted in that state. However, as soon as the cloud tenant accesses this data, it first loses its encrypted state. It is after decryption that this data can be manipulated in any way whatsoever.
Decrypted Data and Cloud Security
This is where the cloud data is most vulnerable as it is in a decrypted form. If a cyber-criminal somehow gains access to the cloud network, the entire data is up for grabs. The attacker is at liberty to either wipe the data clean or exfiltrate it for a possible ransom ware attack.
In the recently recorded cloud security breaches, it was a common occurrence that an attacker somehow managed to exploit some inherent weakness of the network and gain access to the cloud. The attacker responsible for the infamous Capital One breach merely used a misconfigured Web Application Firewall (WAF) to access the cloud.
The Inadequacy of Traditional Encryption
In the light of above discussion, we can safely conclude that for today’s cloud based solutions, the traditional data encryption won’t cut it anymore. In addition to keeping the data encrypted at rest and in transit, the data now must retain its encrypted form even during computing, processing or analysis phases.
Challenges of Modern Encryption
This is a highly researched area that how can data retain its encrypted form even during operation. Some recent tech startups claim to have developed a technique whereby the data remains encrypted even when it is being manipulated for various tasks.
How Does the Proposed Encryption Work?
Encrypted data is unintelligible even for its intended end user. It is only once the data loses its encrypted form that an end user can make some sense out of it and perform any necessary operations. To make the encrypted data understandable for its intended user, the end user’s unique and preapproved devices will have decryption keys.
For any other legitimate user of the cloud network apart from the intended one, the same data will retain its encrypted state. Even on paper, this is a step that will revolutionize the cyber security of cloud computing solutions for years to come.
How to Work With Encrypted Data
Here is the other great way this proposed encryption will revolutionize cloud security. The processing muscle of Cloud Service Providers is immensely greater than that of the cloud tenant. Secondly, when organizations migrate to the cloud, they stop investing in upgrading their in-house IT infrastructure.
So how can cloud tenants avail the processing muscle of CSPs without compromising on data security? This is only possible if the data retains its encrypted state even when certain operations are being performed on it over the cloud. No cloud tenant would feel comfortable with the idea of manipulating its business critical data over the cloud when it is highly vulnerable to misuse or theft.
Artificial Intelligence and Encrypted Data
This is where the power of Artificial Intelligence (AI) really comes into play. Instead of decrypting the business critical data over the cloud to perform computations and data analysis, use AI to bridge this gap. Machine learning algorithms are developed, tested and applied to encrypted data.
Unlike a human mind that has cognitive limitations, strong AI algorithms can work on vast reservoirs of encrypted data and extract the desired parameters we call results or information. This information can be used in virtually any industry such as biotechnology, financial modeling, healthcare and aerospace.
Compliance Advantages of Encrypted Data
Using encrypted data for analysis and derivation of meaningful results has a great advantage when it comes to statutory compliance. As the encrypted state of personal and confidential data remains unchanged, the actual parameters to which the data belongs remain safe from any future misuse.
Example from Health Care Industry
Let’s explain this point with the example of a health institute that conducts research on diabetes. For this research to bear meaningful results, the data pool of millions of diabetic patients would ideally be required. The institute will simply procure this data in encrypted form and conduct an extensive research on all the desired parameters.
During the whole research cycle over the resources of a cloud computing solution, the data will never change its encrypted state. What this implies is that the name or identity of not even a single diabetes patient will be known to the research institute.
Encryption and Traditional Access Control Mechanisms
The entire discussion on this imminent revolution in encryption by no means implies that the traditional access control mechanism will become redundant. The importance of firewalls and other access management aids will remain unchanged for any public cloud based computing solution.
Firewalls are a great peripheral tool in making any cloud solution’s network secure from intrusions. Similarly, access management tools such as multi-factor authentication also work in tandem with other cloud security solutions to make any cloud infrastructure secure from cyber threats.
The Inherent Susceptibility of Cloud Networks
Let’s not ignore the fact that a public cloud infrastructure is very complicated and difficult to secure. There are so many different actors and factors at play that it becomes impossible to fully secure a public cloud. The same goes for firewalls and other antivirus software.
Even the best software have some inherent loopholes that cyber thieves capitalize upon to sneak into a cloud network and wreak havoc. The aspect of credential theft is also a major vulnerability in any public or private cloud infrastructure. In such an event, the perpetrator impersonates a legitimate cloud user to inflict damage.
Worst Case Scenario in Encrypted Data Theft
There is a great plus point to employing a full-time encryption model. Even in the worst case scenario, the attacker can do nothing beyond destroying the data residing over the cloud. This action can be easily thwarted by constantly backing up data at an alternate location, which CSPs or cloud tenants otherwise do.
Advantages of Full Time Encrypted Data
The biggest advantage of keeping data encrypted at all stages of the public cloud is that even if an attacker somehow manages to gain access to the cloud network, the data will still remain secure. Any data extracted by the cyber-criminal from such a cloud network will be totally useless for the attacker unless decrypted.
This latest innovation in encryption, coupled with the use of Artificial Intelligence (AI) will transform the security paradigm of public cloud computing solutions. Developing strong AI algorithms will definitely pose a few challenges but a lot of work is already being done in the field of AI.
The proposed full-time data encryption model will take the cyber security of public cloud networks to a whole new unprecedented level. This will also unlock the tremendous potential of conducting meaningful research, while also safeguarding the privacy and confidentiality of research subjects.