by Thomas Young, Partner & Managing Director, CIO Services - Infrastructure, TPI
The security of stored data is often cited as one of the key obstacles to organizations adopting Cloud Computing. To be sure, the risks are high if a company’s customer records are compromised as a result of being in an unsecure Cloud environment. That issue is enough to give even the most maverick CIOs pause as they consider their technology plans in the coming years.
However, if we look to other technologies that use public infrastructure, the solution for storing data in the Cloud may be right in front of us. The telecommunications industry has for years provided secure voice and data by encrypting communications and dividing them into multiple fragmented streams. The packets are sent on independent routes over unsecure public telephone networks and the Internet and then re-aggregated and decrypted in a secure environment. Something like secure à unsecure à secure.
All of this happens every time we log onto our brokerage accounts online and we never think twice about it. Why? Because if the packets were intercepted, they would have to be decrypted and re-aggregated for the voice or data stream to make sense. This is possible, but very difficult to do.
The same protocols can be used to store sensitive data in the Cloud. Data can be encrypted and divided at the bit-fragment level and stored in multiple, independent and diverse storage arrays. Each encrypted fragment reveals nothing if intercepted and meaningful information is only revealed if significant clusters of data are decrypted and re-aggregated. Theoretically possible, not likely.
In this architecture, aggregators sit between the application layer and the storage layer and act as an intermediary to the computing platforms that need the data, pushing and pulling these fragments. This is how Google search is architected. The data is read from storage, processed, and rewritten to storage, or something like this: secure à unsecure à secure. Just like in the telecommunications example, the unsecure segment is effectively secure because the data is fragmented and encrypted.
SNIA (www.snia.org) is working on standards to deploy this kind of technology so that data security will no longer be a barrier to cloud computing adoption. And in the future, when the auditors ask if your customer data is secure, you will be able to say, “Yes, it’s lost in the Cloud.”