Cloud computing is perhaps best known for offering users ubiquitous and convenient on-demand network access.
“[The cloud provides a] pool of configurable computing resources such as shared networks, servers, storage, applications, and services,” Ernest Worthman of Semiconductor Engineering recently explained.
“What makes this so attractive is these services can be provisioned and adapted to the load, with minimal management or service provider intervention.”
As Worthman observes, cloud computing takes advantage of a distributed and highly scalable architecture; where data and applications are downloaded from the cloud or run directly from it.
“While that enhances availability, scalability, collaboration, and agility, it also increases the risk of security breaches — especially from the inside,” he confirmed.
Simon Blake-Wilson, VP of products and marketing at Rambus’ Cryptography Research division, expressed similar sentiments.
“Cloud computing takes much further a trend that has been going on for some time, which is the element of insider threats,” Blake-Wilson told Semiconductor Engineering. “Insider threats are now one of the top priorities in the security arena these days. But with the cloud, they are also harder to control.”
Because of its wide attack surface, says Blake-Wilson, cloud providers must do more than just secure the border.
“More and more cloud enterprises are thinking about augmenting the hard shell,” he noted. “[This] includes the reinforced perimeter, with protection from insider threats, as well.”
Pankaj Rohatgi, Fellow, Security Technology at Rambus’ Cryptography Research Division, says another way of securing cloud data is to break up the key itself.
“Let’s say I am the president of a bank… I can break my key into five pieces, for example, and give a piece to each vice president, or some other [bank] officer.”
As Worthman explains, this process secures the key in a much tighter fashion and prevents some insider attacks from a trusted individual who also may have access to the key.
“This provides a great deal of separation for the client, as well as adding a layer of very tight security, which is why this approach is beginning to gain traction in cloud services,” he added.
Interested in learning more? The full text of Ernest Worthman’s “Securing the cloud” is available on Semiconductor Engineering here.
Leave a Reply