Abstract
Cloud has fundamentally transformed digital and cybersecurity landscape. Enterprises continue to move their data and applications to the cloud so they can utilize and pay for only needed resources, thereby avoiding large upfront investment. Some also believe that in addition to its promise of demand elasticity, the cloud also offers security of data. We analyze this security aspect in this paper. Protection of data stored in the cloud is intertwined with the generation, management and lifecycle of cryptographic keys that encrypt this data. We list various options available for protection of data, along with their relative strengths and weaknesses. These options are explained with examples from three main cloud service providers; Google, Azure and AWS. We highlight the importance of separation of duty and how cryptographic keys can and should be managed by trusted third parties. This not only increases security but can also facilitate regulatory compliance. While describing security best practices for protecting sensitive data in the public cloud, the paper also explains concepts such as BYOK, HYOK, key brokering and Root of Trust. It describes the level of data protection that can be achieved by using cloud native encryption and key management service, and how security can be enhanced by allowing customers to take direct responsibility for and control over their keys.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Thales 2020 Global Data Threat Report. https://cpl.thalesgroup.com/data-threat-report. Accessed 30 March 2021
Thales 2019 Cloud Security Report. https://www.thalesesecurity.com/2019/cloud-security-research. Accessed 30 March 2021
Gruschka, N., Jensen, M.: Attack Surfaces: A Taxonomy for Attacks on Cloud Services, pp. 276–279 (2010). https://doi.org/10.1109/CLOUD.2010.23
Rules for the Protection of Personal Data Inside and Outside of EU. European Commission. https://ec.europa.eu/info/law/law-topic/data-protection_en. Accessed 30 March 2021
California Consumer Privacy Act (CCPA). https://oag.ca.gov/privacy/ccpa. Accessed 30 March 2021
Costan, V., Devadas, S.: Intel SGX explained. IACR Cryptol. ePrint Arch. 86. https://eprint.iacr.org/2016/086.pdf (2016). Accessed 30 March 2021
Amazon Simple Storage Service (S3). https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html. Accessed 30 March 2021
Azure Date Encryption at Rest. https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest. Accessed 30 March 2021
NIST Security Requirements for Cryptographic Modules, FIPS 140-2. https://csrc.nist.gov/publications/detail/fips/140/2/final. Accessed 30 March 2021
Post-Quantum Crypto Agility. https://cpl.thalesgroup.com/resources/encryption/quantum-safe-security-infographic. Accessed 30 March 2021
Chen, G., Chen, S., Xiao, Y., Zhang, Y., Lin, Z., Lai, T.H.: SgxPectre: stealing intel secrets from SGX enclaves via speculative execution. In: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), Stockholm, Sweden, pp. 142–157 (2019). https://doi.org/10.1109/EuroSP.2019.00020
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kamaraju, A., Ali, A., Deepak, R. (2022). Best Practices for Cloud Data Protection and Key Management. In: Arai, K. (eds) Proceedings of the Future Technologies Conference (FTC) 2021, Volume 3. FTC 2021. Lecture Notes in Networks and Systems, vol 360. Springer, Cham. https://doi.org/10.1007/978-3-030-89912-7_10
Download citation
DOI: https://doi.org/10.1007/978-3-030-89912-7_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89911-0
Online ISBN: 978-3-030-89912-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)