The prior two posts (here and here) in this encryption key management use cases series talked a bit about the implications of doing data processing or data storage in the cloud. They briefly summarized both the compelling commercial advantages of processing in the cloud and some of the risks the cloud represents. Recapping the posts in a soundbite: enterprises must at least consider using the cloud for some or all of their processing, because not doing so puts them at a competitive disadvantage, while they must equally recognize that committing sensitive data to the cloud introduces new risks that must be mitigated.
Isaac Asimov & Key Management for the Cloud
The frame I like to put around the techniques required to safely use cloud computing is informed by one of the most influential science fiction authors, Isaac Asimov. He may not be as frequently read as he was when I first picked up his books, but his Three Laws of Robotics are now canon for the genre. Those unfamiliar with the author himself may have first heard of those laws in the Will Smith blockbuster I, Robot, loosely based on Asimov's collection of the same name. Those three laws are:
- A robot may not injure a human being or, through inaction, allow a human being to come to harm.
- A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
- A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
The Three Laws of Data Protection in the Cloud
Fond memories of a geeky adolescence aside, safe and auditor-acceptable use of cloud computing can be framed by three similar Laws of Data Protection in the Cloud:
- Data must always be encrypted before leaving the logical perimeter of the enterprise and being given over to the cloud.
- The decryption keys for the encrypted data must always remain only in the control of the enterprise, and never be available to the cloud provider.
- The means to allow use of clear text data in the cloud must be established in a manner that does not violate the First or Second Law.
The Third Law - The Devil is in the Details
The first two Laws reflect the common wisdom and best practices prescribed by data security professionals and auditors. The third represents the problem statement that must be solved for enterprises to effectively obey the first two, so they can harvest the economic benefit of the reduced unit costs available from cloud computing without sacrificing the privacy of sensitive data. The abstract solution to that problem can likewise be framed in three statements:
- Decryption keys may only pass into the cloud infrastructure in a form that prohibits employees of the cloud provider from intercepting, viewing, or copying them.
- Any use of decryption keys in the cloud must occur only within protected ephemeral memory space, in a manner that guarantees the decryption keys are never written to any persistent storage (swap, core dumps, VM snapshots and logs included).
- Once decryption keys have been used for the intended purpose in protected memory, the key must be thoroughly and conclusively wiped from that memory, and the wipe must be recorded in an authoritative audit log.
Only when all three of these conditions can be completely satisfied can the Third Law of Data Protection in the Cloud be met.
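The three Laws and the three conditions above describe one protocol: encrypt inside the perimeter, keep the key, and hand the cloud only a wrapped copy that is unwrapped in memory, used, zeroed and logged. The Go program below is an added illustration of that flow, not code from the post or from Prime Factors. It assumes RSA-OAEP for wrapping the data encryption key (DEK) to a worker-generated ephemeral key and AES-256-GCM for the data itself; the struct names, the `dek-wrap` and `enterprise-data` labels, the audit-log format and the sample record are all constructed for the example. It also assumes the enterprise has authenticated the worker's public key out of band (for instance through attestation); that step is what stops a provider employee from substituting their own key, and it is left out here.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Enterprise owns the data encryption key (DEK). The clear DEK never leaves
// this struct (Second Law); only RSA-OAEP-wrapped copies ever go to the cloud.
type Enterprise struct{ dek []byte }

func NewEnterprise() *Enterprise {
	dek := make([]byte, 32) // AES-256 key; crypto/rand.Read fills it fully
	rand.Read(dek)
	return &Enterprise{dek: dek}
}

// EncryptForCloud: First Law, data is encrypted before crossing the perimeter.
func (e *Enterprise) EncryptForCloud(plaintext []byte) []byte {
	return seal(e.dek, plaintext, "enterprise-data")
}

// WrapDEKFor wraps the DEK to a worker's ephemeral public key so that it transits
// the cloud only in a form the provider's staff cannot read (condition 1).
// Assumption: the caller has already verified, e.g. through attestation, that
// workerPub belongs to an authorized worker.
func (e *Enterprise) WrapDEKFor(workerPub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, workerPub, e.dek, []byte("dek-wrap"))
}

// CloudWorker runs one job on the provider's infrastructure.
type CloudWorker struct {
	priv     *rsa.PrivateKey // ephemeral, generated in memory, never exported
	dek      []byte          // the only place a clear DEK exists in the cloud
	AuditLog []string
}

func NewCloudWorker() *CloudWorker {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err) // only fails if the system RNG is unavailable
	}
	return &CloudWorker{priv: priv}
}

func (w *CloudWorker) PublicKey() *rsa.PublicKey { return &w.priv.PublicKey }

// ProcessJob unwraps the DEK into memory, uses it, then overwrites it and
// logs both events (conditions 2 and 3). The wipe runs even if decryption fails.
func (w *CloudWorker) ProcessJob(jobID string, wrappedDEK, ciphertext []byte) ([]byte, error) {
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, w.priv, wrappedDEK, []byte("dek-wrap"))
	if err != nil {
		w.log(jobID, "dek-unwrap-failed") // tampered or foreign wrap: nothing to wipe
		return nil, err
	}
	w.dek = dek
	w.log(jobID, "dek-unwrapped-in-memory")
	defer func() {
		copy(w.dek, make([]byte, len(w.dek))) // overwrite; dropping the reference is not enough
		w.log(jobID, "dek-wiped")
	}()
	return open(w.dek, ciphertext, "enterprise-data")
}

// DEKIsWiped reports whether every byte of the worker's DEK buffer is zero.
func (w *CloudWorker) DEKIsWiped() bool { return bytes.Equal(w.dek, make([]byte, len(w.dek))) }

func (w *CloudWorker) log(jobID, event string) {
	w.AuditLog = append(w.AuditLog, fmt.Sprintf("job=%s event=%s", jobID, event))
}

// seal and open: AES-256-GCM, random 96-bit nonce prepended, label bound as AAD.
func seal(key, plaintext []byte, label string) []byte {
	block, _ := aes.NewCipher(key) // only ever called with the enterprise's own 32-byte DEK
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, plaintext, []byte(label))
}

func open(key, sealed []byte, label string) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects an unwrapped DEK of the wrong length
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], []byte(label))
}

// Demo runs the whole exchange on a constructed sample record and returns the
// recovered text, whether the worker's DEK was wiped, and the worker's audit log.
func Demo() (string, bool, []string, error) {
	ent, w := NewEnterprise(), NewCloudWorker()
	ct := ent.EncryptForCloud([]byte("constructed sample: customer 4711, PAN ending 1234"))
	wrapped, err := ent.WrapDEKFor(w.PublicKey())
	if err != nil {
		return "", false, nil, err
	}
	pt, err := w.ProcessJob("job-1", wrapped, ct)
	return string(pt), w.DEKIsWiped(), w.AuditLog, err
}

func main() { fmt.Println(Demo()) }
```

Two things the code makes concrete that the prose only states: a wrapped DEK that is tampered with, or that was wrapped for a different worker, fails OAEP decryption and never reaches memory, and the wipe is a deliberate overwrite in a `defer` so it happens even when the job fails. What a garbage-collected runtime on a general-purpose VM cannot give you is condition 2 in full: Go may copy the buffer, the page can be swapped, and a hypervisor snapshot captures it regardless. The overwrite here is best-effort; the production equivalent lives in an HSM or a memory-encrypting enclave, which is where the rest of this series is headed.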
Fortunately, technology and techniques exist today to address those requirements. Stay tuned for future posts in the series that explore those in more detail. In the meantime, learn more about the issues and opportunities of managing cryptographic keys in the Prime Factors paper "Five Key Management Fundamentals".