Overview: Data encryption in SaaS applications

Most SaaS providers claim to provide encryption, but typically only the transmission is encrypted using SSL. Although this standard technology protects data in transit well, the usage data that is stored in the cloud platform gets far less attention.

A variety of companies specialize in providing encryption services for SaaS providers. One of them was Navajo Systems, a company that was acquired by Salesforce.com in August 2011.

Navajo developed Virtual Private SaaS (VPS) technology, which was available as a cloud service or appliance. The data was encrypted by VPS before it was sent to the application. For the user, this was completely transparent. Control of critical data was given to the customer, and the encrypted data in the cloud was unreadable to the cloud provider and anybody else.

This approach was a good way to avoid conflicting interests, because the encryption service provider was separate from the cloud provider. The capabilities of Navajo Systems will be integrated into a new feature called Data Residency Option (DRO). This will give Salesforce customers the possibility to decide whether sensitive data should be stored in the cloud or on-premises. Other CRM providers such as SugarCRM or Microsoft provide a similar feature.

The move from data encryption to data residency has also been made by PerspecSys, a cloud platform provider for data privacy, residency, and security. As stated in its blog, encryption of the data is not a viable option. Their two main reasons for keeping sensitive data on-premises instead of encrypting data in the cloud are:

- Regulatory requirements: Depending on the home country of a customer, legal regulations might apply. In several countries, data may not be transferred to foreign sites where the country's law does not apply, regardless of whether the data is encrypted.

- Moore’s law: As the number of transistors placed on an integrated circuit grows, the performance of devices constantly increases. Encryption algorithms that are considered safe today will likely be easily broken by tomorrow’s home devices.

At this point, I wondered: is the answer to the question in the title really just "Yes, encryption can be done by using an encryption service that keeps the encryption keys on-premises"? This approach minimizes the value of your cloud solution, because encrypted data cannot be used in search or analytics functions. The other possibility is to store sensitive data on-premises, with a similar impact on search and analytics.

Then, I discovered a technology called homomorphic encryption that is appearing on the horizon. The idea is quite simple: a homomorphic cryptosystem can perform a mathematical operation on the ciphertext (encrypted information), and decrypting the result produces the same answer as performing the same operation on the plaintext (unencrypted data). Mathematicians have debated this topic for more than 30 years. Craig Gentry, an IBM researcher, was the first to invent a scheme that provides fully homomorphic encryption. The bad news is that the time needed to compute results is not practical at the moment, although the function grows linearly and runs in polynomial time. It will take approximately five to ten years to make it widely usable.
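The property described above can be seen in a small added example (not part of the original post): a toy Paillier cryptosystem, which is only additively homomorphic and is not Gentry's fully homomorphic scheme. The key size, the sample amounts and all function names are assumptions made for illustration; the customer holds the private key and the provider only ever handles ciphertexts.

```python
import math
import secrets

# Toy key material, constructed for this example. These are two well-known
# Mersenne primes; a real key uses secret random primes of 1024+ bits each.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """Return (public n, private (phi, mu)); the generator g is fixed to n + 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    mu = pow(phi, -1, n)  # modular inverse, requires gcd(phi, n) == 1
    return n, (phi, mu)

def encrypt(n, m):
    """Customer side: c = (1 + m*n) * r^n mod n^2 with a fresh random r."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, priv, c):
    """Customer side: m = L(c^phi mod n^2) * mu mod n, with L(x) = (x - 1) // n."""
    phi, mu = priv
    return (pow(c, phi, n * n) - 1) // n * mu % n

def add_encrypted(n, c1, c2):
    """Provider side: multiplying two ciphertexts adds their plaintexts."""
    return c1 * c2 % (n * n)

def scale_encrypted(n, c, k):
    """Provider side: raising a ciphertext to k multiplies its plaintext by k."""
    return pow(c, k, n * n)

def demo():
    n, priv = keygen()
    amounts = [1200, 850, 4300]             # constructed sample values
    cts = [encrypt(n, a) for a in amounts]  # only these reach the provider
    total_ct = cts[0]
    for c in cts[1:]:
        total_ct = add_encrypted(n, total_ct, c)
    doubled_ct = scale_encrypted(n, total_ct, 2)
    # Only the key holder can read the results of the provider's computation.
    return decrypt(n, priv, total_ct), decrypt(n, priv, doubled_ct)

if __name__ == "__main__":
    print(demo())
```

Because encryption is randomized, two ciphertexts of the same amount differ, so the provider cannot match equal values by comparing stored ciphertexts.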

Until then, customers rely on their cloud service provider and third-party services.

Fortunately, these providers and services do a very good job, because there has been no big data theft from a public SaaS provider so far.

Sebastian Rzepka

About Sebastian Rzepka

Sebastian is a technical specialist for WebSphere Cast Iron. He is focused on Integration of Software-as-a-Service applications and on-premise applications. Sebastian joined IBM in 2007.

4 Responses to Overview: Data encryption in SaaS applications

  1. @dstott says:

    Hi Sebastian,

    This is a great summary of the issues facing enterprises in regulated sectors that are weighing the business benefit of moving to public cloud apps while contending with their respective data protection obligations.

    One point of clarification – the cloud data protection gateway solution offered by PerspecSys provides both industry grade encryption (clients control the keys) or tokenization (solving for residency) *while* preserving application functionality like searching and sorting for a transparent user experience. In PerspecSys' solution view, enterprises seeking a protection gateway should not be forced into usability-security compromises. As you've aptly pointed out, security at the expense of end-user functionality would be a non-starter for most enterprises.

    – David

  2. A very interesting and important blog post. I think this is the biggest barrier to cloud adoption. I'd love to hear more about how this is handled in the SugarCRM that runs on IBM's SmartCloud Enterprise.

  3. Kevin says:

    Encryption is generally recognized as the preferred method to secure data. US state data breach laws, UK data protection guidance, HIPAA/HITECH healthcare rules, Australian data breach recommendations, PCI DSS, and more all recognize encryption as an effective means to secure data. Beyond compliance, latency, scalability, infrastructure costs, and more are all reasons why encryption is the preferred mechanism to secure data. There are solutions like CipherCloud that offer both format and operations preserving encryption and tokenization for multiple clouds like salesforce, Gmail, Amazon, Chatter, and more. Search for a keyword in Gmail or sort a report in salesforce. You can see how search and sort with encrypted cloud data works at http://pages.ciphercloud.com/Take-the-5-Minute-Pr… .

  4. @dstott and @Kevin Thank you for your posts. It is important to notice that there are possibilities like tokenization to secure public cloud offerings.
    @samjgarforth IBM SmartCloud Enterprise provides the infrastructure for SugarCRM. Data protection is the responsibility of SugarCRM. I've invited @sugarcrm to join the conversation.
