Trust and Security in the Cloud


Written by: Janelle Kellman, Craxel

What if the cloud became the safest place for enterprises and consumers to store their information? How could that be possible, given that software in the cloud has the same vulnerabilities as software deployed on-premises? While cloud vendors may argue that the cloud is safer since they spend heavily to harden their infrastructure, the cloud also has significant security disadvantages. Cloud plus high-performance searchable encryption dramatically changes that calculus, making the cloud the safest and most efficient place to manage information.

Enterprises have entered the public cloud cautiously due to perceived security issues, concerns around infrastructure costs, and gaps in employee management and training. As cloud options around cost and deployment have expanded, enterprises have become more willing to leverage public clouds despite the potential security tradeoffs. According to the 2018 IDG Cloud Computing Study[1] published last August, 77% of enterprises have at least one application or a portion of their enterprise computing infrastructure in the cloud, while 76% of enterprises are looking to cloud apps and platforms to accelerate IT service delivery.

Clearly, cloud computing adoption is now moving forward at an incredible pace. However, the initial concerns around cloud security have not faded. Now, more than ever, the increased movement of mission-critical processes to the cloud requires unprecedented levels of trust in third-party cloud vendors. As enterprises continue to migrate to cloud environments over the coming years, we believe there is a tremendous opportunity to safely store and organize the world's information in the cloud.

What if strongly encrypted information could be stored in the cloud, yet still be efficiently searched and accessed without having to decrypt it in the cloud or even having the encryption keys present in the cloud? This concept is not new. It has been called zero knowledge, zero trust, or even just trustless. We have made the key breakthrough in high-performance, massively scalable searchable encryption that makes it a reality. By relying on cryptography for trust, while retaining the ability to search and efficiently access information without making it vulnerable, the cloud becomes the safest and most efficient place to manage information.

We envision a number of ways to make the cloud the safest place for enterprises and consumers to manage their information.

1. The Data Layer Becomes a Trust Layer

It is widely understood that software in the cloud suffers from the same vulnerabilities as software executing on-premises, with the added danger that it is outside the enterprise. The OneLogin breach[2] a few years ago is a perfect example: an attacker was able to get into the cloud server containing the company's database and exfiltrate all of its information. More recently, the Rubrik breach[3] occurred when a misconfigured server revealed confidential client contact and configuration data. Both of these breaches illustrate that the data layer is a crucial part of the architecture and, as we see time and time again in the news, cannot today be effectively secured. With searchable encryption, all data remains encrypted and the keys are never collocated with the data. The data remains quickly searchable and accessible by those with the right encryption keys; the only thing anyone has to trust is the cryptography. This transforms the data layer into a trust layer.

2. Dramatically Reducing Application Attack Surface

The shift to the cloud presents an incredible opportunity to redesign applications to use the power of a trust layer to eliminate application attack surface. Our digital trust platform provides a solution for efficient storage, indexing, and search of encrypted data as well as "trustless and immutable" transactions through our proprietary distributed ledger. In addition, our trust platform provides cryptographic segmentation of information. In other words, every piece of information is labeled, access to even the encrypted records is finely controlled by label, and each record can be encrypted using different keys. Applications can be designed to utilize this cryptographic segmentation of information to keep information safe. Not only can the data layer become a trust layer, applications in the cloud built on the trust layer can become much safer than those built on traditional databases.

3. Searchable Encryption for Cloud File Storage

The economics and convenience of cloud storage have overshadowed the inherent security and privacy concerns. Many cloud storage vendors have had limited success with various user-accessible encryption methodologies. Most people don’t realize that in most, if not all, cases the cloud vendor maintains access to the keys, which is untenable for long-term enterprise security and privacy. Further, this forces the cloud storage vendor to take on liability around securing the data. What if enterprises and even consumers could store strongly encrypted files in the cloud without the keys ever being in possession of the cloud provider? This is actually possible today, but the files and the information they contain would not be efficiently accessible. If I have thousands of encrypted files in the cloud and can't organize them or find what I need when I need it, how useful would that be? With zero knowledge searchable encryption, enterprises and consumers can rely on cryptography to ensure no one without the keys can access their files, while maintaining the ability to quickly find and access their information.

Digital trust in the cloud is the next great platform opportunity -- trusting cryptography and only cryptography is the solution to stopping the rampant theft of information, decreasing vulnerabilities, and ensuring that sensitive data remains protected. Why would a CIO not move to a public cloud or hybrid cloud if they can receive all the benefits of cloud and be more secure than they can possibly be today?

[1] https://www.idg.com/tools-for-marketers/2018-cloud-computing-survey/

[2] https://www.zdnet.com/article/onelogin-security-chief-new-details-data-breach/  

[3] https://techcrunch.com/2019/01/29/rubrik-data-leak/