The “cloud encryption problem” in a nutshell

A recent survey of the nearly 300,000 professionals who are members of LinkedIn's Information Security Group, conducted by Crowd Research Partners, showed that while nearly 80% of the companies in the survey have active cloud production environments, more than 90% of them have moderate or high levels of anxiety over the security of their data resident in public cloud services. To the surprise of no one who has been following the industry, data loss/leakage, privacy, confidentiality, and legal/regulatory compliance lead the list of such concerns.

Companies understand well that to get the maximum utility out of migrating servers, storage, and workloads to the cloud, and to take advantage of the wide range of cloud-based productivity tools, they will need to tolerate working with multiple, mutually distrustful parties that want to access their sensitive corporate data for collaboration, storage, or further processing. Most of these interactions don't even involve humans: a distrustful party could be another cloud process or a 3rd-party cloud application that needs access to the sensitive data to provide useful output that the business needs.

The same survey of the Information Security Group professionals showed that the most trusted and effective cloud security technology available to businesses today is data encryption, selected by 65% of the respondents. Again, no surprise here: when it comes to public cloud services, the best protection against broken permissions, breaches, shadow copies, fines, and jurisdictional over-reach by nation-states is to encrypt the data with your own keys and to control access to those keys at all times.

So the real question is "how can we guarantee that your own encryption keys are created and distributed to multiple, mutually distrustful cloud parties securely?" And let's not forget easily and economically, since a number of less-than-attractive possibilities that rely on legacy methods are available, but they are neither easy nor inexpensive.

Existing cryptographic Key Management Systems (KMSs) rely on "trusted" physical appliances to provide root-of-trust Hardware Security Module (HSM) functions. However, when traditional HSMs are adapted to cloud services using multi-tenant front-ends, often accessed through a gateway or a proxy device, the multi-party trust problem remains unsolved, and these solutions are prohibitively expensive. While it might seem like best practice to store sensitive data at one cloud service provider (CSP) and the keys that encrypt and decrypt that data at a different CSP, the resulting system now requires trust in two separate CSPs, both of which must be available in order to make the data usable, and the attack surface potentially grows from that of a single CSP to that of two. It's not hard to see the operational headaches and economic downsides of this approach.

A better solution, one that is a cloud-native KMS as a Service (or KMaaS) would give businesses full control over the encryption keys used by their cloud service providers without relying on any single CSP, and at SaaS economics. It would also enable client-side, or end-to-end cryptographic security through the use of cloud friendly APIs so that any cloud application would be able to call upon its KMS and encryption functions easily and efficiently.

Sepior has solved this issue of client-side encryption with Sepior Key Management as-a-Service (KMaaS), through the application of a ground-breaking cryptographic technology called Secure Multi-Party Computation (MPC). KMaaS is a pure cloud-based service that provides key management with cryptographic security. MPC is a cryptographic technology that allows a number of parties to jointly compute a function of their private inputs without any party revealing its input to the others, but historically MPC was thought to be far too inefficient to implement practical key management systems. From a technological viewpoint, KMaaS is based on our patent-pending technology, which uses MPC protocols tailored to key management and enables high-performance encryption in near real-time. MPC enables cryptographic security as a pure cloud-based solution by mathematically splitting each cryptographic key into a number of shares and placing each share in the custody of a different cloud service provider; no single provider ever holds, or can reconstruct, the complete key. Using our tailored MPC protocols, these cloud service providers can then jointly perform re-encryption and the other necessary key operations. To compromise the security of the system, an attacker would have to successfully compromise a majority of these key servers simultaneously. This is the concept of "threshold security": only a subset (the threshold) of the cloud service providers hosting the key servers need to be available and honest for the key to be usable, while the remaining ones may have become malicious, or unavailable through a DDoS attack or a network/equipment outage, without either exposing the key or denying service.

As KMaaS is a pure cloud-based service, any third-party cloud service that wishes to encrypt its data from the client-side now has a vehicle to secure distribution of the correct keys to the proper clients.

Integration partners of Sepior or other SaaS providers can now integrate with Sepior KMaaS through an SDK, which allows them to build client-side encryption directly into their products. Similarly, end-customers can use Sepior KMaaS directly to manage encryption keys across a number of different SaaS providers. Because Sepior KMaaS can be provisioned directly to the customer as a pure cloud service on a usage-based subscription model, it is economically feasible for even small businesses who do not wish to build their own on-prem KMS.