Trust Challenges Alleviated By Cryptography
There's a popular team-building exercise that is often undertaken at corporate offsites. It involves choosing one person from the group of co-workers to stand up and face away from her colleagues. She is told that her colleagues are right behind her and that she should fall back with the inherent trust that the group will catch her before she hits the ground. It never ceases to amaze me that so many people hesitate. Some of them refuse to let themselves fall back altogether. Then there are those who let go. They place trust in their colleagues and allow themselves to fall back. The reason this exercise continues to be the most utilized of all corporate team-building exercises is that it's all about trust.
I hope that enterprises continue to use this exercise, because we live in a world filled with challenges and we are required to place our trust in software. Perhaps none of these are more important and more current than the Cloud, one of the most recent trends in modern Information Technology. The Cloud is an on-demand self-service model that provides rapid elasticity for resource provisioning. Most of us know full well that resources are pooled to serve multiple customers using a multi-tenant model. Data and applications are usually hosted in a Cloud service provider that controls locations. Cloud customers have little control over them. Service-level agreements try to protect the Cloud customer's interest, but the typical customer is looking for better technical control to get guaranteed protection for her data in the Cloud environment. Despite best interests, trust, security, and privacy issues are major roadblocks in Cloud computing adoption.
Considering the business value and financial benefits of the Cloud, it is imperative to address the security challenges of Cloud computing. Customers are looking for:
- Proof of retrievability: Proof to verify that stored data is available, in the same state, and can be retrieved by the consumer when needed
- Secure deletion in the Cloud: Data is not available or accessible after a defined period of Cloud service usage
- Storage security: Data stored in the Cloud is viewed or processed by authorized entities only, and no unauthorized operations are performed
- Communication security: Integrity, confidentiality, and availability should not be compromised during communication
- Virtualization security: The ability to ensure that data security is maintained in a virtualized environment
Cryptography can provide technical control to deal with such challenges and enhance confidence in Cloud services. The scope of modern cryptography (which has evolved from being only about encryption in the early days to ensuring data protection from adversaries) includes techniques and protocols to achieve authentication, non-repudiation, and above all, integrity. The complexity of cryptology methods and their applications have continuously increased and the evolution of technology has brought in a completely new dimension to this endeavor. For example, public-key cryptography, an encryption scheme that uses two mathematically related, but not identical, keys - a public key and a private key - is used to verify digital signatures. Here, the content is digitally signed with an individual's private key and is verified by the individual's public key. It's interesting to note that cryptography, which has always been under the threat of becoming obsolete because of rapidly increasing computational capabilities, enables a service like digital signatures, which is borne out of today's technological advancements.
There is no doubt that when it comes to storing enterprise's information on a cost-effective Cloud, it's important to research and choose the best available option. The 'trust' challenges can be alleviated by choosing a secure Cloud solution, perhaps one that employs cryptography, which will give organizations the competitive edge.