September 05, 2012

Breaking the Trust Paradigm

Current key management technologies, as mentioned above, are either a trust compromise, or a compromise on cloud computing features. Breaking the trust paradigm requires a new approach, specific to cloud key management.

A technology that enables such an approach is split-key management. Here's a financial metaphor which will help to explain how this works, and its benefits. Most contemporary safe deposit boxes utilize a two-key system, the bank has one key while you (the box owner) hold the second key, and both keys are required to open the access door to remove the deposit drawer. This two key system is how the bank provides some assurance that an unscrupulous employee can't enter the vault and start pilfering boxes. Split-key management implements the same concept technologically in the cloud; the "bank" – a virtual key management system – generates a unique key for you, and another key to be used by the key management system. Both keys are required to encrypt and decrypt data, yet at the same time, only you, the end user, have access to your master key, making it impossible for the cloud provider to ever seeing your most critical piece of data – your encryption keys.

[The Rise of Cloud Computing on Wall Street]

Another foundational technology that is important in cloud data security is Homomorphic Key Encryption. This protects the sensitive encryption keys themselves, when they are in use in the memory of cloud servers. The benefit is that the most sensitive information, the keys themselves, are never exposed in the cloud, even when they are actually used. Advanced "partially homomorphic" mathematics enables such innovation.

Going forward, such technologies, integrated with financial clouds and SaaS applications, lower the risk to data privacy and allow financial institutions to migrate more easily to the cloud.

Gilad Parann-Nissany, founder and CEO, is a Cloud Computing pioneer. As CTO for Small Business at SAP, Gilad built SaaS Clouds for medium and small enterprises and contributed to SAP products reaching more than 8 million users. Before founding Porticor, he created a consumer Cloud at – a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and applications.