Interesting blog entry on the CCIF around IBM Solves Cryptographic Cloud Security.
Reading further this discusses the topic of privacy homomorphism which focuses on one of the core issues of ensuring information privacy stored in a cloud environment and how to maintain data encryption while processing and storage in the cloud environment.
Much cloud debate has been on the subject of security access and transport of data into the cloud and then securing the information while it is held in the cloud environment. An issue often raised is when the data is decrypted at the point of use and hence a potential protection point problem where confidentially could be compromised.
While secure virtual machine containers and VPN tunnels can address the isolation issue of the cloud service as it is transported to the cloud environment; the basic problem of maintaining the encryption state of the data is when it has to be used and therefore open to view.
Alternative models of data and code obfuscation software promise a way of using the data but this has some observed limitations in many business scenarios that require strong encryption of sensitive data. A secondary issue is the additional layer of complexity that use of this approach can add to processing time and debugging.
The article indicates that IBM Researcher Craig Gentry using a mathematical method enables full interaction with encrypted data directly. This is a perfect scenario and a milestone in security computation but as flagged with various responses to the article in Forbes Magazine there is the addition of similar challenges as obfuscation algorithms in the overhead of processing. http://www.forbes.com/forbes/2009/0713/breakthroughs-privacy-super-secret-encryption.html
Multiplicity – building the capabilities of utility cloud services.
This suggests more than ever the need to build multiplicity into cloud services that enable partial or complete movement of workload processing into a cloud. This needs a step change in the way IT processes are designed into the architecture and delivered as a service. With increasingly complex processes such as language translation and security as in the example of encryption this increases the in-memory and computation workload.
Cloud is an evolving area which I see moving beyond the current utility services of Cloud which is now taking hold with strong and robust services in storage, compute and software as a service offerings becoming a reality.
A multiplicity strategy enables isolated processes to be moved to the cloud which will need service providers and cloud vendors to consider how to build added value services that better leverage infrastructure resources on-demand. The security encryption puzzle is just another barrier which shows that with ingenuity and innovation the walls of new technology adoption and be over come.