Stop Lying to Your Customers—the Cloud Is Neither Private Nor Secure: What Your Customers Need to Do for Privacy and Security, and How You Can Help Them

While we assure our customers and clients that the cloud is "safe," we are fooling both them and ourselves. In a typical cloud service, we send information through Transport Security Layer (TLS) ["SSL"] or Virtual Private Networks (VPNs); store it in encrypted databases; process it on dedicated virtual machines; and often send results back by TLS or VPNs. We follow the best practices of both the Healthcare Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry (PCI) communities: "encryption in motion," and "encryption at rest." We point out how these services and protocols protect the sensitive health, financial, and personal information of our customers. In truth, this cloud-based information lifecycle leaks sensitive information like a sieve! The worst part is that, as cloud architects and providers, we know it! We just like to gloss over it and pretend it's "somebody else's problem" (points to anybody that remembers Douglas Adam's "Life, The Universe, and Everything" and the 'SEP Screen' [http://hitchhikers.wikia.com/wiki/Somebody_Else's_Problem_field]). In the best practices, we talk about the state of "data in motion" and the state of "data at rest." So what happens during the state transition (from motion to rest)? We know that the data becomes visible, human-readable plain text. This is just one of at least five different places where "data in motion" can be decrypted, intercepted, and recorded during a normal TLS (SSL) connection. A similar set of problems exist with storing and processing sensitive information in databases and services in the cloud.

In the same manner we have specified TLS connections in the past to protect data in motion, we can now specify end-to-end encryption to protect sensitive information as it flows in and out of TLS, VPN, and Virtual Local Area Network (VLAN) pipes. By using the newly emerging technology of homomorphic encryption, we can store AND PROCESS encrypted information in the cloud, without ever decrypting it. Not only does this truly provide the type of protect we have led our customers to believe is currently present in the cloud, but it also relieves us, as cloud providers, from tremendous risk and liability. If the cloud provider never has access to the information being processed in their data center, they can't be held responsible for any breaches or hacks. How much is this liability? Well, a year of credit monitoring, a common compensation for loss of Personal Identifiable Information (PII), is approximately $50 per person. Lose 10 million records (and 10 million wouldn't even make it to the top ten breaches last year), and you're looking at a liability of half a billion dollars.

Technologies like end-to-end encryption, homomorphic encryption, always-encrypted databases, and re-encryption proxies are not proprietary technologies. They are available from multiple commercial and open source providers. We just need to start using them as the new standards in "best practices" to provide our customers and stockholders with the safety and privacy they think they already have.