SaaS vendors, customers, finding new ways to secure the cloud

Rogue employees, hackers, government employees all threats to keeping information stored on the cloud private

security lock

Edward Snowden's leaks about NSA spying may have brought the issue of cloud security to broad public attention, but some enterprise users were already concerned about how to take advantage of cloud-based applications while keeping their data safe.

[NSA revelations a mixed bag for private clouds]

As a result, enterprises, cloud-based application vendors, and security startups have all been trying to come up with ideas to make clouds more secure.

The main issue at heart is that a cloud-based software-as-a-service (SaaS) provider must see the data in order to do anything useful with it. For example, an online word processing application must be able to read the document in order to offer spell checking capabilities. An online storage vendor must be able to read stored documents in order to allow users to search for just the ones they need.

Since the cloud vendor must be able to see the actual data at some point, that is when a rogue employee, a hacker, or a government agency might step in and grab a copy of it.

Some enterprises are choosing to forego the cost savings and convenience of using the cloud apps, and switching back to on-premises software. According to an August report from the Information Technology & Innovation Foundation, the U.S. cloud computing industry can lose between $22 and $25 billion over the next three years as a result of security concerns.

Advertisement

To address this problem, SaaS vendors and their customers are turning to a new crop of security solutions for the cloud.

In general, these fall into two major categories: on-premises gateways that encrypt or tokenize data before passing it on to the cloud vendor, and third-party encryption appliances that limit vendor access to data while allowing the customer to control the keys.

Proxies and gateways

With a proxy or gateway, an enterprise installs an encryption appliance on premises, in a data center they control, or even in a virtual machine with a public cloud provider like Amazon. Company users looking to access their favorite cloud services are sent to the proxy instead, where, completely invisible to the user, the data is encrypted or tokenized before it goes out, and decrypted when it comes back in.

1 2 Page 1
Page 1 of 2
Get the best of CSO ... delivered. Sign up for our FREE email newsletters!