Methods for Protecting Data in the Cloud
The most straightforward option is to store the application's data in the cloud alongside the application. The programming model for this method is very close to existing non-cloud development models, which makes it easier to implement. In addition, application performance is usually at its best, since there are fewer protocol layers and shorter data transfer times. However, data held in the cloud must be protected from unauthorized use.
1. Encrypting Data
To protect data in the cloud, the data can be encrypted before being stored there and, correspondingly, decrypted when it is returned; the keys stay with the data owner, so the provider holds only ciphertext. Glenn Brunette, an engineer at Sun Microsystems, is working on a project called the Cloud Safety Box. The goal of this project is to create an interface to a cloud storage provider that encrypts and decrypts content stored in the cloud.
2. Information-Centric Approach
An information-centric approach to storing data in the cloud is a self-protection scheme. Data is encrypted and packaged together with a usage policy. When the data is accessed, the data item reveals itself only to a trustworthy caller, as determined by that policy.
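The following is an added example, not code from the page or from the Cloud Safety Box project, showing both methods above in one place: client-side encryption before upload (method 1) and a package that carries its own usage policy and releases plaintext only to a caller that satisfies it (method 2). To stay standard-library only it uses an HMAC-SHA256 keystream with an encrypt-then-MAC tag instead of a library AEAD; the policy fields (tenant, allowed_roles, expires) and the caller attributes are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets

# Demonstration construction using only the standard library: an HMAC-SHA256
# keystream in counter mode with an encrypt-then-MAC tag. In production use an
# AEAD (AES-GCM, ChaCha20-Poly1305) from a vetted library; what this example is
# about is the shape of the scheme: encrypt before upload, keep the key with
# the owner, and bind the usage policy into the integrity tag.


def _subkey(master_key, label):
    """Derive an independent subkey for encryption or authentication."""
    return hmac.new(master_key, b"cloud-safety-box/" + label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    """PRF(nonce || counter) blocks concatenated to the requested length."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(master_key, plaintext, policy, nonce=None):
    """Encrypt client-side and package the result with its usage policy.

    The tag covers nonce, policy and ciphertext, so the cloud (or anyone
    without the key) cannot loosen the policy without detection.
    """
    enc_key, mac_key = _subkey(master_key, b"enc"), _subkey(master_key, b"mac")
    nonce = nonce if nonce is not None else secrets.token_bytes(16)  # never reuse under one key
    policy_bytes = json.dumps(policy, sort_keys=True).encode()
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + policy_bytes + ciphertext, hashlib.sha256).digest()
    return {"nonce": nonce.hex(), "policy": policy,
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


class PolicyViolation(Exception):
    pass


def open_package(master_key, package, caller):
    """Verify integrity first, then release plaintext only if the caller meets the policy."""
    enc_key, mac_key = _subkey(master_key, b"enc"), _subkey(master_key, b"mac")
    nonce = bytes.fromhex(package["nonce"])
    ciphertext = bytes.fromhex(package["ciphertext"])
    policy_bytes = json.dumps(package["policy"], sort_keys=True).encode()
    expected = hmac.new(mac_key, nonce + policy_bytes + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(package["tag"])):
        raise ValueError("package tampered with, or wrong key")
    policy = package["policy"]  # assumed policy shape: tenant, allowed_roles, expires
    if caller.get("tenant") != policy["tenant"]:
        raise PolicyViolation("caller belongs to another tenant")
    if caller.get("role") not in policy["allowed_roles"]:
        raise PolicyViolation("role %r not permitted" % caller.get("role"))
    if caller.get("time", 0) > policy["expires"]:
        raise PolicyViolation("policy expired")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


def try_open(master_key, package, caller):
    """Outcome as (status, plaintext-or-None), for callers that log the decision."""
    try:
        return "released", open_package(master_key, package, caller)
    except PolicyViolation as exc:
        return "denied: " + str(exc), None
    except ValueError:
        return "tampered", None
```

The policy check runs inside whatever code unwraps the package, so the "self-protecting" property is only as strong as the environment executing `open_package`; that is exactly the gap the attestation method in the next section is meant to close.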
3. High-Assurance Remote Server Attestation
The High-Assurance Remote Server Attestation method gives the data owner a mechanism to audit how the data is being used, so that abuse or leakage can be detected. It does not by itself protect the data; rather, it provides evidence that the security of the server handling the data has not been breached, typically by having that server report measurements of the software it runs which the owner can then verify.
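As an added example (not from the page), here is the challenge-response exchange such an audit rests on, with both sides' messages: the owner issues a fresh nonce, the host returns a signed quote of its measurement register plus the event log that produced it, and the owner checks the signature, the nonce, the log replay and the approved ("golden") values. A shared HMAC key stands in for the hardware-bound signing key a real TPM would use, and the component names and golden digests are constructed for the illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed "golden" measurements: digests of the components the data owner
# has approved to run on the host that handles its data.
GOLDEN = {
    "app": hashlib.sha256(b"app-v1.2.3").hexdigest(),
    "policy": hashlib.sha256(b"usage-policy-2009").hexdigest(),
}


def extend(pcr, event):
    """TPM-style extend: PCR' = H(PCR || H(event)). Order-dependent and one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


class CloudHost:
    """The remote server being attested. att_key stands in for a hardware-bound
    attestation key (a real TPM signs quotes with a private key that never
    leaves the chip); HMAC keeps this example standard-library only."""

    def __init__(self, att_key, components):
        self.att_key = att_key
        self.pcr = bytes(32)
        self.log = []  # [component name, digest] in boot order
        for name, blob in components:
            self.pcr = extend(self.pcr, blob)
            self.log.append([name, hashlib.sha256(blob).hexdigest()])

    def quote(self, nonce):
        """Signed statement: 'for this nonce, my PCR is X and here is the log'."""
        body = json.dumps({"nonce": nonce.hex(), "pcr": self.pcr.hex(), "log": self.log},
                          sort_keys=True)
        sig = hmac.new(self.att_key, body.encode(), hashlib.sha256).hexdigest()
        return {"body": body, "sig": sig}


class DataOwner:
    def __init__(self, att_key, golden):
        self.att_key = att_key
        self.golden = golden
        self.pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)  # a quote is only accepted for a nonce we issued
        self.pending.add(nonce)
        return nonce

    def verify(self, quote):
        """Returns 'trusted' or the first reason the quote is rejected."""
        expected = hmac.new(self.att_key, quote["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, quote["sig"]):
            return "bad signature"
        body = json.loads(quote["body"])
        nonce = bytes.fromhex(body["nonce"])
        if nonce not in self.pending:
            return "replayed or unknown nonce"
        self.pending.discard(nonce)
        # Replay the event log and confirm it reproduces the signed PCR value.
        pcr = bytes(32)
        for _name, digest in body["log"]:
            pcr = hashlib.sha256(pcr + bytes.fromhex(digest)).digest()
        if pcr.hex() != body["pcr"]:
            return "event log does not match PCR"
        # Only now compare each component against the approved measurement.
        for name, digest in body["log"]:
            if self.golden.get(name) != digest:
                return "unexpected measurement for " + name
        return "trusted"
```

The outcome is a statement about the host's software at the moment of the quote, not about the data: a host that passes can still be misused later, which is why the text describes this as an audit mechanism rather than a protection.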
4. Privacy-Enhanced Business Intelligence
The Privacy-Enhanced Business Intelligence method encrypts all data stored in the cloud. This is similar to the Encrypting Data method described above; however, additional features allow the data to be searched. A search query is encoded under the owner's key, and the cloud can then decide whether stored data matches the encoded query without learning the query terms or the contents of the data.
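An added example of the searchable index behind that description (my illustration, not the page's or any product's code): the owner tags each record with keyed keyword tokens, the provider stores only opaque record bodies and tokens, and a query is the token of the keyword being looked for. The record bodies here are constructed placeholders for ciphertext produced by whatever client-side encryption the owner uses. The example also exposes the main caveat of deterministic tokens: the provider can see which records share a token even though it cannot tell what the keyword is.

```python
import hashlib
import hmac


def keyword_token(search_key, keyword):
    """Keyed, deterministic token for one keyword: equal keywords give equal
    tokens, so the cloud can match them; without search_key it can neither
    recover nor forge them."""
    return hmac.new(search_key, keyword.strip().lower().encode(), hashlib.sha256).hexdigest()


class CloudIndex:
    """Everything the provider stores. It holds no key: record bodies are
    opaque ciphertext and keywords are present only as tokens."""

    def __init__(self):
        self.blobs = {}     # record id -> encrypted record body
        self.postings = {}  # token -> set of record ids

    def store(self, record_id, blob, tokens):
        self.blobs[record_id] = blob
        for token in tokens:
            self.postings.setdefault(token, set()).add(record_id)

    def match(self, tokens):
        """Server-side search: ids of records carrying every given token."""
        if not tokens:
            return []
        hits = None
        for token in tokens:
            ids = self.postings.get(token, set())
            hits = ids if hits is None else hits & ids
        return sorted(hits)

    def observed_cooccurrence(self):
        """What the provider can infer with no key at all: which records share
        a token (access-pattern leakage inherent to deterministic tokens)."""
        return {token: sorted(ids) for token, ids in self.postings.items() if len(ids) > 1}


class OwnerClient:
    def __init__(self, search_key):
        self.search_key = search_key

    def upload(self, cloud, record_id, ciphertext, keywords):
        cloud.store(record_id, ciphertext, {keyword_token(self.search_key, k) for k in keywords})

    def query(self, cloud, *keywords):
        """Client side: encode the query, then let the cloud decide what matches."""
        return cloud.match([keyword_token(self.search_key, k) for k in keywords])


def demo():
    """Constructed sample data. Record bodies stand in for ciphertext produced
    by the owner's own encryption scheme."""
    cloud = CloudIndex()
    client = OwnerClient(b"search-key-held-by-owner")
    client.upload(cloud, "r1", b"<ciphertext r1>", ["fraud", "2009", "emea"])
    client.upload(cloud, "r2", b"<ciphertext r2>", ["audit", "2009", "apac"])
    client.upload(cloud, "r3", b"<ciphertext r3>", ["fraud", "2008", "emea"])
    return cloud, client
```

The returned ids are then fetched and decrypted on the client; the provider never handles a key. Schemes that hide the co-occurrence pattern as well exist, at the cost of query efficiency, which is the trade-off this method makes.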
5. Data External from the Cloud
One option for retaining control of the data is to store it outside the cloud, in an on-site data center. The primary drawback of this approach lies in accessing that data from the cloud-based Web application, which now has to cross the boundary between the two networks.
a. Firewall Exceptions
For the application to access the data, certain firewall exceptions must be made. At the very least, the required ports must be opened in the cloud and at the on-site data center storing the data. This exposes the data store's own listening ports, so the exceptions should be restricted to the application's addresses.
b. Web Service Lookup
Web services running in the on-site data center can be used to make the data available to the application. This approach overcomes the problems of the Firewall Exceptions method: only the service endpoint, over a single authenticated channel, is reachable from the cloud, rather than the data store's own ports.
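The contrast between the two options above, as an added example that is not from the page: instead of opening the database port to the cloud, the on-site data center runs a lookup service that exposes one narrow operation, authenticates each request and never lets the caller supply query fragments. The shared secret, header names and the customers table are assumptions made for the illustration; `handle` is written as a plain function so it can be exercised in-process here, and in deployment it would sit behind an HTTPS server on a single port.

```python
import hashlib
import hmac
import sqlite3
import time

# Assumed shared secret, provisioned to the cloud application out of band.
# Mutual TLS between the cloud egress and the service would be the stronger
# choice; an HMAC-signed request keeps this example self-contained.
SHARED_SECRET = b"example-shared-secret-rotate-me"


def build_store():
    """Constructed on-site data store standing in for the real database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, tier TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "Ada", "gold"), (2, "Linus", "silver")])
    return db


def sign(secret, method, path, timestamp):
    """Request signature over method, path and timestamp (assumed scheme)."""
    msg = "\n".join([method, path, timestamp]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class LookupService:
    """Runs in the on-site data center behind HTTPS. The cloud application can
    reach only this one operation; the database port is never opened to it."""

    PREFIX = "/customers/"

    def __init__(self, db, secret, now=time.time, max_skew=300):
        self.db, self.secret, self.now, self.max_skew = db, secret, now, max_skew

    def handle(self, method, path, headers):
        """Returns (status, body) the way an HTTP handler would."""
        if method != "GET" or not path.startswith(self.PREFIX):
            return 404, {"error": "no such operation"}
        timestamp = headers.get("X-Timestamp", "")
        signature = headers.get("X-Signature", "")
        if not timestamp.isdigit() or abs(self.now() - int(timestamp)) > self.max_skew:
            return 401, {"error": "missing or stale timestamp"}
        if not hmac.compare_digest(sign(self.secret, method, path, timestamp), signature):
            return 401, {"error": "bad signature"}
        ident = path[len(self.PREFIX):]
        if not ident.isdigit():  # the cloud never gets to send query fragments
            return 400, {"error": "customer id must be numeric"}
        row = self.db.execute(
            "SELECT id, name, tier FROM customers WHERE id = ?", (int(ident),)).fetchone()
        if row is None:
            return 404, {"error": "unknown customer"}
        return 200, {"id": row[0], "name": row[1], "tier": row[2]}


class CloudApp:
    """The cloud-side caller: signs each lookup with the shared secret."""

    def __init__(self, secret, now=time.time):
        self.secret, self.now = secret, now

    def lookup(self, service, customer_id):
        path = LookupService.PREFIX + str(customer_id)
        timestamp = str(int(self.now()))
        headers = {"X-Timestamp": timestamp,
                   "X-Signature": sign(self.secret, "GET", path, timestamp)}
        return service.handle("GET", path, headers)
```

With this in place the on-site firewall needs one rule, the service's HTTPS port from the cloud application's egress addresses, while the database keeps listening only on the internal network; with the Firewall Exceptions option the database port itself would be the thing exposed.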