As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info
When Moving to the Cloud, Don't Overlook Cryptographic Security
January 14, 2011 - Tom Field, Editorial Director Share
Ralph Spencer Poore: There's no better way to secure critical data than through cryptography, especially when that data is stored in the cloud.
Ralph Spencer Poore, an information security veteran with decades of experience in cryptography, is a proponent of employing cryptographic security in cloud computing.
"Information in motion and information at rest are best protected by cryptographic security measures," says Poore. "In the cloud, we don't have the luxury of having actual, physical control over the storage of information, so the only way we can ensure that the information is protected is for it to be stored cryptographically, with us maintaining control of the cryptographic key."
But know what you're looking for when you seek a cloud provider who promises cryptographic security, Poore says. "Cryptographic security measures must not be left to the imagination of the party in the cloud," he says. "Do your homework. Really understand what the capabilities are of any organization to which you're outsourcing."
Among the unique challenges are jurisdictional issues. "Because the cloud has the potential of being international, and because cryptographic technology is considered by most nations to be 'munitions' or a similarly restricted category, cryptographic implementations may have jurisdictional limitations and potential liabilities," Poore says. "The client relying on the cloud should ensure that such issues are clearly addressed by contract."
In an interview about cryptographic security in the cloud, Poore discusses:
•How cryptography relates to cloud computing;
•Challenges to overcome when employing cryptographic security;
•Key questions to ask of cloud service providers re: cryptography.
Poore is Chief Cryptologist for Cryptographic Assurance Services LLC (Arlington, TX). He has over 35 years of information security experience, including over 20 years of applied cryptography. He has written extensively on the subject and his work is cited in academic papers, national standards, professional journals, and books.
Podcast Options
Play Streaming Audio
Download MP3 File
iPod and mobile devices
Related Podcasts in:
Technology
- Cloud Computing
- Encryption
No comments:
Post a Comment