Gartner Research

Using Encryption to Protect Sensitive Data in Cloud Computing Environments

Published: 31 March 2010

ID: G00203928

Analyst(s): Daniel Blum

Summary

When enterprises use cloud computing, sensitive data will likely end up in the cloud as well. This data must still be protected from unauthorized access and modification. Different types of controls are needed depending on the type of cloud service that is used: infrastructure as a service, platform as a service, and software as a service have different characteristics. In this assessment, Principal Analyst Dan Blum will examine good security practices and solutions for data in public cloud environments.

Table Of Contents

Summary of Findings

Analysis

  • Use Cases
    • Data in Motion: Protection Options in Place
    • Data in Use: Still a Work in Progress
    • Data at Rest: The Protection Available Has Significant Limitations
  • Key Storage, Management, and Operations Challenges
    • Lack of Hardware Security Modules (HSMs) Holds Back Assurance
  • Remote Enterprise Key Management Services and Trustworthy Hypervisors Could Combine to Raise Assurance
    • Remote Enterprise Key Management Services
    • Trustworthy Hypervisors Could Strengthen Overall Encryption Assurance
  • Cryptography in the Cloud Will Be Costly

Strengths

  • Protecting Data in Motion Is Straightforward
  • Sensitive Data Can Be Encrypted or Masked Before Being Stored in the Cloud (for Some Applications)
  • Virtualization Provides an Isolation Boundary for Processing Sensitive Data in the Cloud
  • CSPs Have the Opportunity to Provide Robust Infrastructure Security and Will Improve over Time

Weaknesses

  • Multi-Tenant Public Clouds Put Data at Greater Risk
  • Encryption in Distributed, Virtualized Clouds Has Significant Limitations
  • Customers May Underestimate or Ignore the Risk of Putting Sensitive Data in the Cloud
  • Cryptography in the Cloud Will Be Expensive
  • For Enterprise Cloud Computing Customers
    • Tactical
    • Strategic
  • For CSPs and Virtualization Infrastructure Vendors

The Details

  • A Trusted Virtualization and Cloud Computing Initiative
  • Cloud Stack Layers and the Assurance of Isolation
  • Virtual Machine Isolation and the Cloud
  • Virtualization and TPM Implementation

Notes

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
