Stop Lying to Your Customers—the Cloud Is Neither Private Nor Secure: What Your Customers Need to Do for Privacy and Security, and How You Can Help Them

Wednesday, December 7, 2016 - 11:45am12:30pm

James "Brad" Whitehead, Chief Scientist, Formularity


While we assure our customers and clients that the cloud is "safe," we are fooling both them and ourselves. In a typical cloud service, we send information through Transport Security Layer (TLS) ["SSL"] or Virtual Private Networks (VPNs); store it in encrypted databases; process it on dedicated virtual machines; and often send results back by TLS or VPNs. We follow the best practices of both the Healthcare Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI) communities: "encryption in motion," and "encryption at rest." We point out how these services and protocols protect the sensitive health, financial, and personal information of our customers. In truth, this cloud-based information lifecycle leaks sensitive information like a sieve! The worst part is that, as cloud architects and providers, we know it! We just like to gloss over it and pretend it's "somebody else's problem" (points to anybody that remembers Douglas Adam's "Life, The Universe, and Everything" and the 'SEP Screen' ['s_Problem_field]). In the best practices, we talk about the state of "data in motion" and the state of "data at rest." So what happens during the state transition (from motion to rest)? We know that the data becomes visible, human-readable plain text. This is just one of at least five different places where "data in motion" can be decrypted, intercepted, and recorded during a normal TLS (SSL) connection. A similar set of problems exist with storing and processing sensitive information in databases and services in the cloud.

In the same manner we have specified TLS connections in the past to protect data in motion, we can now specify end-to-end encryption to protect sensitive information as it flows in and out of TLS, VPN, and Virtual Local Area Network (VLAN) pipes. By using the newly emerging technology of homomorphic encryption, we can store AND PROCESS encrypted information in the cloud, without ever decrypting it. Not only does this truly provide the type of protect we have led our customers to believe is currently present in the cloud, but it also relieves us, as cloud providers, from tremendous risk and liability. If the cloud provider never has access to the information being processed in their data center, they can't be held responsible for any breaches or hacks. How much is this liability? Well, a year of credit monitoring, a common compensation for loss of Personal Identifiable Information (PII), is approximately $50 per person. Lose 10 million records (and 10 million wouldn't even make it to the top ten breaches last year), and you're looking at a liability of half a billion dollars.

Technologies like end-to-end encryption, homomorphic encryption, always-encrypted databases, and re-encryption proxies are not proprietary technologies. They are available from multiple commercial and open source providers. We just need to start using them as the new standards in "best practices" to provide our customers and stockholders with the safety and privacy they think they already have.

James "Brad" Whitehead, Chief Scientist, Formularity

Brad Whitehead is Chief Scientist for Formularity, an electronic forms company dedicated to the secure collection and processing of personal information. Formerly, he was a Partner and Master Technology Architect with Accenture. Brad has architected and implemented numerous national-scale information processing systems, and served as an IT security advisor to several US Federal agencies. Brad holds a BS in Artificial Intelligence from Carnegie Mellon University and an MS in Information Technology from the University of Liverpool. He can be reached at

LISA16 Open Access Sponsored by Bloomberg

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@conference {201486,
author = {James "Brad" Whitehead},
title = {Stop Lying to Your {Customers{\textemdash}the} Cloud Is Neither Private Nor Secure: What Your Customers Need to Do for Privacy and Security, and How You Can Help Them},
year = {2016},
address = {Boston, MA},
publisher = {USENIX Association},
month = dec

Presentation Video 

Presentation Audio