Is the Big Data Really Secured During the Transition and at Rest in the Cloud?

Oscar Ye
Global Intersection
Aug 14, 2016

A cloud service is a service made available to users on demand over the internet from a cloud computing provider's servers. Cloud infrastructure consists of data centers that are usually located in different countries around the globe. Data containing confidential and private information therefore has to be transferred from users to cloud servers that may be anywhere in the world, which is why people are curious about the security of data during the transition and in storage.

Coles (2015) reported the positive news that more than 80% of cloud service providers encrypt data during the transition between users and servers. However, he also found that only 9.4% of cloud service providers encrypt data once it is stored at rest in the cloud. In other words, more than 90% of providers leave stored data unprotected and exposed on their servers, a surprisingly high number that we as users need to worry about. As long as data is not encrypted, anything stored in the cloud can be read by anyone who understands the language or format in which it is written. Cryptography is an efficient approach to protecting data (Baibarac, 2015), which is why encryption is necessary during the transition. Why, then, do cloud service providers not continue to encrypt the data at rest after the transition? Different encryption methods are used for data in transition and data in storage, and encrypting data at rest is more complex. Cloud service providers claim that the cloud only offers a place to store data and that protecting it is the users' own responsibility, whereas users argue that providers should be responsible for security because users pay for the service (Thales e-Security & Ponemon Institute, 2012).

Regardless of who should protect the data, encrypting data in the cloud still faces many challenges. Before discussing them, I will share the basic theory of encryption. Clark (2015) explained that encryption uses a complex algorithm to change normal data (plaintext) into “error-like” data (cipher-text). The two most widely used methods are public key (asymmetric) encryption, shown in Diagram-1, and private key (symmetric) encryption, shown in Diagram-2. Users generally prefer to manage the keys themselves, particularly the private key, because the private key decrypts the cipher-text into plaintext, whereas the public key encrypts the plaintext into cipher-text. You may need to read here for more information about cryptography.

Diagram-1: Public Key (Asymmetric) Encryption
Diagram-2: Private Key (Symmetric) Encryption

Returning to the challenges, Lawton (2015) mentioned that if data is encrypted before it is uploaded to the cloud and is later needed on a phone or remote device that does not have the decryption key, the downloaded object (encrypted data) will be useless. Another example, from Prince (2013), is a user who sends all of their sensitive data to a cloud in encrypted form: this is not useful if the user requires some computation on the data, because the cloud cannot read what it is storing.
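Both availability problems can be reproduced in a few lines. This is an added example, not part of the original post: the cipher is a standard-library stand-in (an HMAC-SHA256 keystream with encrypt-then-MAC) for a vetted AEAD such as AES-GCM, and `CLOUD`, `upload`, `download` and `server_side_search` are hypothetical names for a constructed object store.

```python
import hashlib
import hmac
import os

def subkeys(key):
    # Separate keys for encryption and integrity, derived from one master key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: illustration only, use AES-GCM in practice.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encrypt(key, plaintext):
    enc_key, mac_key = subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key, blob):
    enc_key, mac_key = subkeys(key)
    if len(blob) < 48:
        raise ValueError("object too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered object")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))

CLOUD = {}  # constructed stand-in for the provider's object store

def upload(name, key, data):
    # Encryption happens on the user's device; the provider only sees the result.
    CLOUD[name] = encrypt(key, data)

def download(name, key):
    return decrypt(key, CLOUD[name])

def server_side_search(term):
    # All the provider can compute on: the bytes it actually holds.
    return [name for name, blob in CLOUD.items() if term in blob]
```

A device that holds the upload key gets the plaintext back; any other device gets a `ValueError`, and the provider's search finds nothing because it only holds ciphertext.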

These are data availability challenges. There are many others, such as technical challenges and policy challenges. These challenges are the reason why only a small percentage of data is encrypted in the cloud. Based on the discussions and challenges that I found, I agree that big data is more secure during the transition than at rest in the cloud. However, security still needs to improve for both data transition and data storage, especially data storage, which has a great deal of room for improvement.

References:

Baibarac, E. (2015). A survey on symmetric text encryption algorithms. Naval Academy Scientific Bulletin, 18(2), 196–197. Retrieved from https://www.anmb.ro/buletinstiintific/buletine/2015_Issue2/FCS/196-197.pdf

Clark, B. (2015, March 9). How does encryption work, and is it really safe? Retrieved from http://www.makeuseof.com/tag/encryption-care/

Coles, C. (2015, July 16). Only 9.4% of cloud providers are encrypting data at rest. Retrieved from https://www.skyhighnetworks.com/cloud-security-blog/only-9-4-of-cloud-providers-are-encrypting-data-at-rest/

Lawton, S. (2015, April 30). Cloud encryption: using data encryption in the cloud. Retrieved from http://www.tomsitpro.com/articles/cloud-data-encryption,2-913.html

Prince, B. (2013, December 3). Big data faces big challenges with encryption. Retrieved from http://www.securityweek.com/big-data-faces-big-challenges-encryption

Thales e-Security, & Ponemon Institute. (2012). Encryption in the cloud: who is responsible for data protection in the cloud? Retrieved from http://www.ponemon.org/local/upload/file/Encryption_in_the_Cloud%20FINAL_6_2.pdf
