Cloud Security: Criptonube
Roco Escalera, Gradiant
Cloud computing, or just "the cloud", is the commercial name given to a number of technologies that outsource data storage and computing. What would normally be on our computers (programs or files, for example) is moved to a set of servers that we access through the Internet.
The cloud is quickly being adopted by many companies because of the advantages of this new paradigm. The software is in only one place, which makes it easy to update, and it can be accessed from any location and device. The cloud is offered as a service that is paid for only as it is used, saving the costs of hardware, software and maintenance. In addition, the cloud automatically scales its infrastructure based on our needs.
Image source: www.acloudhosting.es
Whether we are talking about an in-house hosted cloud or an outsourced cloud, there is an open debate about what this new paradigm involves in terms of security. In the former case, the fact that information is centralized and made accessible from the Internet makes it a tempting target. In the latter, migrating data and applications from our local environment to environments controlled by third parties raises an added problem of mistrust.
It is increasingly common for cloud services to offer encryption capabilities, so that their databases are protected against possible attacks.
Because cloud services must operate on our data, they must hold the secret keys that protect the databases. This way they can decrypt, operate and encrypt again. This is a partial solution, and it raises two problems:
The first is that, even though data are stored encrypted, the secret key is in the same cloud environment and therefore, any intruder is able to decrypt and see our data.
The second problem is that, even if the privacy of the key is ensured, the data must always be decrypted for processing.
There are many solutions that try to address the first problem, but few that tackle the second.
Cloud security is a priority line of research at Gradiant. Thus Gradiant, along with the Barrié Foundation, is already developing the Criptonube project, which makes it possible to maintain the privacy of data processing in the cloud.
Criptonube introduces Hardware Security Modules (HSMs) into the cloud infrastructure so that operations on sensitive data are performed in physically secure environments, with the highest privacy certification, ensuring that these data have been processed in an environment inaccessible to attackers, whether external or internal to the cloud provider.
You can find more information about the Criptonube project at
http://criptonube.scape-project.com