Cloud Zone
Cloud Zone is brought to you in partnership with:
spacer spacer Frank Kelly
  • Bio
  • Website
  • @kellyfj1
  • spacer

Frank was born in Ireland and now lives in the USA. His initial training was in Computer Science from Trinity College, Dublin (so they're really to blame for this). He also has a Ph.D. in Cognitive and Neural Systems and after realizing that computers were still as dumb as a bag of hammers realized that he had better go earn some money and stop fooling around. Right now he likes to think he is a part-manager, part-developer, part-architect developing applications for a leading vendor of systems that support global trading of various financial instruments because "code monkey" just doesn't sound as good. Frank is a DZone MVB and is not an employee of DZone and has posted 10 posts at DZone. You can read more from them at their website. View Full User Profile

Securing Your Data in the Cloud: Key Management Hell

09.05.2012
| 1679 views |
  • Tweet
  • spacer

Related MicroZone Resources

FREE 3 Month Azure Trial

On-Premises Application with Azure Blob Storage

How to Run a Java Application Server on a Virtual Machine

Hello World Web App Using Eclipse on Azure

PHP Web Site with Windows Azure Table Storage Using Git

Like this piece? Share it with your friends:

| More

When you start migrating to the cloud, you'll invariably find that you need to encrypt some or all of the data you store there. Apart from the performance hit, this seems easy. Right?

Except for this: How are you going to manage keys used to encrypt and decrypt? Because your data and your business logic (app servers) are no longer in your control, you can't just leave your keys on your app server (EC2) instances. If a hacker compromises those data keys then they can access your data. The same is true in normal in-house environments, but at least you can trust the folks who run your data center -- or at least, you can fire them or pursue them legally. If an AWS person in Tokyo goes rogue, for example, then what is your recourse?

So your data encryption keys themselves need to be encrypted. Okay, no big deal. But now where do you store the "master" keys to decrypt the data keys? And so on. Maybe you store the master keys in your non-cloud environment and call out from EC2 to get them, but now you could be subject to another type of attack. So far I haven't heard a good architectural solution, barring something like human-based two factor authentication required when starting up an EC2 instance? But now your auto-scaling is hosed.

Anyone have any ideas or see any workable solutions?

Published at DZone with permission of Frank Kelly, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Tags:
  • Cloud
  • Cloud security
  • ec2
  • encryption
  • Tips and Tricks
  • Got a story? Tell us!

Related MicroZone Resources

PHP Web Site with Windows Azure Table Storage Using Git

Hello World Web App Using Eclipse on Azure

PHP Web Site with MySQL Using Git on Azure

How to Run a Java Application Server on a Virtual Machine

On-Premises Application with Azure Blob Storage

Related searches:
server database storage website virtual
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.