Can we really trust Cloud computing, David Blundell reviews
Public cloud usage is growing rapidly, private cloud is used for large volumes of data and data that is not trusted to the cloud. Businesses are using hybrid cloud to reduce capital expenditure costs and make their infrastructure usage more flexible.
More than two-thirds of companies now use Infrastructure as a Service (IaaS) for at least some aspect of their computing infrastructure Link Here
Public Cloud environments must rely on trust between the Cloud service provider and end user. There is currently no way of provably protecting user data and applications from access by the provider while still being able to process that data on the provider’s infrastructure.
Current state-of-the-art services and tools such as CipherCloud act as a gateway, encrypting data uploaded to and stored in the cloud and selectively decrypting data retrieved and returned for use. They are not suitable for applications involving intensive data processing in the cloud and they still rely on trust as the encryption key and data in use is stored on the encryption gateway RAM in plain text. Consequently, users must rely on data protection, contracts and regulations which aim to establish reassurance and a minimum of trust between a Cloud service provider and a user. Currently, data protection, Service Level Agreements, privacy policies and regulations are in place (EP Directive 95/46/EC, available at
Consequently, users must rely on data protection, contracts and regulations which aim to establish reassurance and a minimum of trust between a Cloud service provider and a user. Currently, data protection, Service Level Agreements, privacy policies and regulations are in place (EP Directive 95/46/EC, available at Link Here), aim to establish reassurance and a minimum of trust between a Cloud service provider and a prospective customer. There is however, an absence of technical solutions/enforcement.
While existing solutions already provide zero-knowledge Cloud storage services, this is not the case for network infrastructure and, particularly, data processing services.
100 PercentIT and Oxford University Research
100 Percent IT is participating in the Antyran project with the University of Oxford which builds upon a previous research project undertaken by the University of Oxford called “myTrustedCloud: Trusted Cloud Infrastructure for Security-critical Computation and Data Management” Link Here.
100 Percent IT will commercialise the results of this work through market maturation of the key technical innovations, with the goal to:
● Secure user data in such a way that service providers cannot access it at any point in time or service delivery chain;
● Enable users to prove through an audit trail that no unauthorised person has accessed the data;
● Reduce customer cost of managing risks of unauthorised data access and/or collateral data leakage in the event of service provider compromise;
● Significantly reduce operational costs through simplifying the effort involved in complying with data protection regulations in force in Europe and worldwide.
The Antyran project builds upon 100 Percent IT’s existing innovations in integrating Trusted Computing into multi-tenant OpenStack environments to advance the state of the art by further including technical key innovations in network infrastructure and data processing services to provide a zero-knowledge IaaS public cloud service.
Developing this technology will open up the Cloud computing market to new sectors that currently, due to security concerns and regulations, are unable to process sensitive data in the public Cloud environment.
IaaS is the fastest growing segment of the Cloud market. Gartner predicts a global compound annual growth rate for IaaS of 41.7% by then end of 2016 and in 2013 the market was $9 billion. The top two concerns cited even by organisations who do move to the cloud are security and privacy (c.f. IDG Research on behalf of Sunguard Availability Services and EMC Corp.)
In 2015, a Cloud Security Alliance survey of the Financial sector identified that while 39-47% of respondents were planning to use a mix of in-house IT, private and public Clouds, none were planning to be hosted mostly in a public Cloud due to security concerns. Dr Chenxi Wang, Vice President, Cloud Security and Strategy, CipherCloud commented: “There’s plenty of room for growth, particularly for providers who can fill the void for the auditing and data protection controls that are at the top of respondents’ cloud wish list.” A solution that allows organisations to completely encrypt and audit the privacy of their data in the public Cloud opens up this already fast growing market even further.
The benefits of the Antyran project to cloud providers is that it reduces the costs of compliance. The benefit to end users is that it simplifies their risk management requirements, in turn reducing costs and enabling them to take advantage of agile Cloud computing environments to increase competitiveness.