Introduction to Cloud Encryption - by Julien Cathalo, Smals - 21 03-2013

How to keep your data private in the Cloud?
Slides from a live presentation at the Belgian edition of InfoSecurity on 21-3-2013. Smals researcher Julien Cathalo discusses the needs, strategies and commercial products for building a Cloud encryption infrastructure. Organizations should not rely upon Cloud service providers for assuring their data privacy. He discusses several products for user-oriented storage in the Cloud, including Box, Google Drive, Dropbox, SkyDrive, SpiderOak, to be secured by BoxCryptor, TrueCrypt, TeamDrive or SpiderOak. SaaS applications like Gmail, Salesforce.com or Office 365 could be secured using security gateways like Certes, CipherCloud, Concealium, Intel, Perspecsys or Symantec. Smals is a not-for-profit shared services organization offering ICT solutions to Belgian government institutions in social security and health care. More info on www.smals.be


  1. Introduction to CLOUD ENCRYPTION: How to keep your data private in the cloud. Julien Cathalo, Smals Research
  2. Agenda
     • The need for Cloud Encryption
     • Encryption for user-oriented storage in the Cloud
     • Encryption for other SaaS applications
     Remarks and questions are welcome!
     Cloud Encryption - Julien Cathalo - Smals Research Infosecurity.be
  3. The Cloud is great!
     • Cost reduction
       – Fewer licences
       – Less hardware cost
       – Less software administration
     • Agility
       – Resources fit the customer needs
       – Resources rapidly available
  4. Cloud Security Concerns
     • Organizations are worried… (2012 Cisco Global Cloud Networking Survey)
     • And experts say they are right!
       – Gartner (2012) recommends not to trust your Cloud provider for the privacy of your data
  5. Confidentiality in the Cloud
     • Goal: prevent unauthorized access to the data
     • How to do it?
       – Data Encryption (ex: AES 256 bits)
       – Key Management
  6. Confidentiality in the Cloud
  7. Encryption is not enough
  8. Recommendation
     • Encrypt the data
     • Keep control of the keys
       – The keys stay inside the organization
     • Do not rely on the security measures taken by the Cloud provider
  9. Agenda
     • The need for Cloud Encryption
     • Encryption for user-oriented storage in the Cloud
     • Encryption for other SaaS applications
  10. User-oriented storage in the Cloud
     • Local folder synced with the Cloud
     • Some examples :
  11. Features
     • Access your data from several devices
     • Share data with others
     • Online replication / backup
  12. Access from several devices
  13. Encryption Principle
     • Encrypt the local folder(s)
     • Keep the key on the device (typically, password-encoded)
     • Synchronise the encrypted folder
  14. How to do it?
     • Dedicated solution + existing Cloud service e.g. :
     • Generic encryption solution + existing Cloud service e.g. :
     • Solutions that provide local encryption and Cloud service e.g. :
  15. Example with BoxCryptor
     • BoxCryptor Folder:
       – On my hard drive
       – Contains configuration file
       – Contains encrypted files
       – Synced with my Dropbox/Google Drive/other
     • Virtual Drive
       – Letter Z:
       – Shows files in clear
  16. Text file in clear
  17. Encrypted text file
  18. How to choose a solution?
     • Most use the same encryption algorithm and key size (AES 256 bits)
     • Features to evaluate:
       – Performance
       – Implementation (open source? expert validation?)
       – Ease of use
     • Impact on sharing features
  19. Opinion
     • These products allow:
       – Transparent use
       – Low impact on performance in most cases
       – Some functions are not affected
       – Real security gain
     • Their limits are:
       – Sharing is more complex
       – Security: the Cloud provider still can…
         • Monitor your activity
         • Know the file sizes
  20. Agenda
     • The need for Cloud Encryption
     • Encryption for user-oriented storage in the Cloud
     • Encryption for other SaaS applications
  21. Cloud Security Gateways: Goal
     Allow the use of Software as a Service applications while preserving data confidentiality
  22. How it works (in-house gateway)
     [Diagram labels: SaaS Application; Encrypted Data; Gateway; Clear Data; User; Organization]
  23. More about the gateway
     • It knows the SaaS application
     • It knows the structure of the exchanged data
     • Encrypts / decrypts some fields on the fly
     • Leaves other fields in clear
     • Some basic features are not affected by encryption:
       – Search
       – Sorting
  24. Search on encrypted data?
     [Diagram labels: SaaS Application; Search « q89sj9 ?& »; Gateway; Search « John Doe »; User; Organization]
     Word by word encryption + deterministic encryption
  25. User view
     The user logs in to the gateway url ://application-gateway.com/ instead of the SaaS application url ://application.com/
     Then: transparent use of the application
  26. Cloud Security Gateways: market
     • Providers
       – Certes Networks
       – CipherCloud
       – Concealium
       – Intel
       – PerspecSys
       – Symantec
     Source: Gartner 2012
  27. Custom application?
     • Each gateway is application-specific (e.g. only works for Office 365)
     • Some providers allow customizing a gateway for an application
       – Application urls
       – Policies, e.g. specify which fields are encrypted or tokenized
  28. Conclusion on Cloud Security Gateways
     • Allow the use of SaaS applications while protecting data
     • Things are moving fast
     • Trade-off between
       – Functionality
       – Security
  29. Opinion
     • Encryption for user-oriented storage in the Cloud
       – Use can be transparent
       – Impact on performance can be limited
       – True security gain
     • Encryption for other SaaS applications
       – Protect the data
       – Impact on some cloud features
         • Functionality
         • Cost
         • Availability
  30. Recommendations
     • If you are thinking about buying a Cloud Security Gateway, you should:
       – Precisely find out how much security you gain from it
       – Think about availability of the service
       – Determine which functions of your SaaS application are crucial
  31. Questions and remarks are welcome! Julien.Cathalo@smals.be www.smals.be
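
The encryption principle of slide 13, together with the file-size limit named on slide 19, as an added example that is not from the slides or from any product they mention. It assumes Node.js, AES-256-GCM for files, and a random folder key wrapped under a password-derived key (scrypt); all function names and the sample file are hypothetical.

```javascript
// Added example; all function names and sample data are hypothetical.
const crypto = require('node:crypto');

// AES-256-GCM: output is nonce (12 bytes) || auth tag (16 bytes) || ciphertext.
function seal(key, data) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), ct]);
}

// Reverse of seal(); final() throws if the key is wrong or the blob was modified.
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Keyfile kept on the device: a random folder key wrapped under a
// password-derived key (scrypt). The password itself is never stored.
function makeKeyfile(password) {
  const salt = crypto.randomBytes(16);
  const folderKey = crypto.randomBytes(32);
  return { salt, wrapped: seal(crypto.scryptSync(password, salt, 32), folderKey) };
}

function unlock(keyfile, password) {
  return unseal(crypto.scryptSync(password, keyfile.salt, 32), keyfile.wrapped);
}

// What the sync client uploads: only sealed blobs leave the device.
function encryptFolder(folderKey, files) {
  return Object.fromEntries(
    Object.entries(files).map(([name, text]) => [name, seal(folderKey, Buffer.from(text))]));
}

// What the provider still learns from a stored blob (file names are also
// left in clear in this sketch).
function providerView(blob) {
  return { plaintextSize: blob.length - 28 };
}

// Constructed sample run.
const keyfile = makeKeyfile('correct horse battery staple');
const synced = encryptFolder(unlock(keyfile, 'correct horse battery staple'),
  { 'notes.txt': 'salary list 2013' });
console.log(providerView(synced['notes.txt'])); // size is visible, content is not
```
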
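
Slide 24's word-by-word deterministic encryption, as an added example that is not from the slides and not any vendor's implementation. The construction (a synthetic IV from HMAC-SHA256 feeding AES-256-CTR) is an assumption, since the slides do not say which scheme the gateways use; it shows why the search still works and what the SaaS provider can still count.

```javascript
// Added example; key handling, function names and sample records are hypothetical.
const crypto = require('node:crypto');

// Gateway-side keys, never sent to the SaaS provider (random per run here).
const MAC_KEY = crypto.randomBytes(32);
const ENC_KEY = crypto.randomBytes(32);

const siv = (word) =>
  crypto.createHmac('sha256', MAC_KEY).update(word, 'utf8').digest().subarray(0, 16);

// Deterministic: the IV is derived from the word itself, so the same word
// under the same keys always yields the same token.
function encryptWord(word) {
  const iv = siv(word);
  const c = crypto.createCipheriv('aes-256-ctr', ENC_KEY, iv);
  return Buffer.concat([iv, c.update(word, 'utf8'), c.final()]).toString('hex');
}

function decryptWord(token) {
  const raw = Buffer.from(token, 'hex');
  const iv = raw.subarray(0, 16);
  const d = crypto.createDecipheriv('aes-256-ctr', ENC_KEY, iv);
  const word = Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
  if (!crypto.timingSafeEqual(iv, siv(word))) throw new Error('token failed authentication');
  return word;
}

// Gateway: encrypt a field word by word going out, decrypt coming back.
const encryptField = (text) => text.split(/\s+/).filter(Boolean).map(encryptWord).join(' ');
const decryptField = (enc) => enc.split(' ').map(decryptWord).join(' ');

// SaaS side: whole-token string matching, no key needed.
function providerSearch(stored, encryptedQuery) {
  return stored.filter((f) => ` ${f} `.includes(` ${encryptedQuery} `));
}

// The cost of determinism: the provider can count how often each token occurs.
function tokenFrequencies(stored) {
  const counts = new Map();
  for (const t of stored.flatMap((f) => f.split(' '))) counts.set(t, (counts.get(t) || 0) + 1);
  return counts;
}

// Constructed sample records.
const stored = ['John Doe', 'Jane Doe', 'John Smith'].map(encryptField);
const hits = providerSearch(stored, encryptField('John Doe'));
console.log(hits.map(decryptField));
```
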