ID Number: G00203928




Using Encryption to Protect Sensitive Data in Cloud Computing Environments
31 March 2010
 
Dan Blum  

When enterprises use cloud computing, sensitive data will likely end up in the cloud as well. This data must still be protected from unauthorized access and modification. Different types of controls are needed depending on the type of cloud service that is used--infrastructure as a service, platform as a service, and software as a service have different characteristics. In this assessment, Principal Analyst Dan Blum will examine good security practices and solutions for data in public cloud environments.






















Table of Contents

  • Summary of Findings
  • Analysis
    • Use Cases
      • Data in Motion: Protection Options in Place
      • Data in Use: Still a Work in Progress
      • Data at Rest: The Protection Available Has Significant Limitations
    • Key Storage, Management, and Operations Challenges
      • Lack of Hardware Security Modules (HSMs) Holds Back Assurance
    • Remote Enterprise Key Management Services and Trustworthy Hypervisors Could Combine to Raise Assurance
      • Remote Enterprise Key Management Services
      • Trustworthy Hypervisors Could Strengthen Overall Encryption Assurance
    • Cryptography in the Cloud Will Be Costly
  • Strengths
    • Protecting Data in Motion Is Straightforward
    • Sensitive Data Can Be Encrypted or Masked Before Being Stored in the Cloud (for Some Applications)
    • Virtualization Provides an Isolation Boundary for Processing Sensitive Data in the Cloud
    • CSPs Have the Opportunity to Provide Robust Infrastructure Security and Will Improve over Time
  • Weaknesses
    • Multi-Tenant Public Clouds Put Data at Greater Risk
    • Encryption in Distributed, Virtualized Clouds Has Significant Limitations
    • Customers May Underestimate or Ignore the Risk of Putting Sensitive Data in the Cloud
    • Cryptography in the Cloud Will Be Expensive
  • Recommendations
    • For Enterprise Cloud Computing Customers
      • Tactical
      • Strategic
    • For CSPs and Virtualization Infrastructure Vendors
  • The Details
    • A Trusted Virtualization and Cloud Computing Initiative
    • Cloud Stacks Layers and the Assurance of Isolation
    • Virtual Machines Isolation and the Cloud
    • Virtualization and TPM implementation
  • Notes
Figures
  • Figure 1. Division of Control in Public Cloud Environments
  • Figure 2. Sensitive Data in Working Storage
  • Figure 3. Trustworthy Hypervisor and Remote Key Server Scenario
  • Figure 4. The Trusted Cloud Proof of Concept (POC)




© 2010 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 1405739