It’s no secret that traditional perimeters for securing and storing data are slowly evaporating into the all-elusive cloud. According to Cybersecurity Ventures, the world will store about 200 zettabytes of data in the cloud by the year 2025 - or about 50% of the world’s data by that time.
For the average person, it’s becoming easier to picture a life where more of our data exists in the cloud. We see it happening at work, and in our personal lives - but it dawns on few how safe or secure our data might be up there.
I mean really, who gives a $@*# about secure cloud computing? And why should they?
This blog is a recap of an episode of our podcast Hash It Out. You can watch the full episode for free.
Before we can understand why privacy-enhanced cloud computing is important, we need to first understand what it is. Cloud computing refers to the delivery of computing services such as storage, processing power, and software applications over the internet.
Instead of using physical hardware such as a personal computer, individuals and organizations can access these services from remote servers maintained by cloud service providers. Cloud computing breaks down into information, application, and computing utilities, and takes form in IaaS, PaaS, and SaaS.
Think of it as renting a car instead of buying one. When you rent a car, you have access to it for a period of time without having to worry about maintaining it or paying for its upkeep. In the same way, cloud computing allows you to use computing resources without having to own the hardware or software yourself. Some examples of cloud computing services include online file storage, email services, and web-based applications like Google Docs and Microsoft Office 365.
By using these services, you can work on your documents and files from anywhere, as long as you have an internet connection, without worrying about losing your data or being tied down to a specific device.
Privacy-enhanced cloud computing (PECC) is a form of cloud computing that focuses on protecting the privacy and confidentiality of users' data. In traditional cloud computing, data is stored and processed on servers owned and managed by a cloud service provider. This can raise concerns about the security and privacy of the data, as users may not have full control over how their data is used or accessed.
PECC addresses these concerns by implementing various techniques and protocols to protect the privacy and confidentiality of users' data. These techniques include encryption, anonymization, and access control mechanisms, which are used to ensure that only authorized users can access the data and that it remains secure even if it is stored on a third-party server.
For example, if you use a PECC service to store your personal photos, the photos will be encrypted before being stored on the cloud server. This means that even if someone were to gain unauthorized access to the server, they would not be able to view or access your photos without the encryption key. Overall, PECC provides users with greater control over their data and helps to protect their privacy and confidentiality when using cloud computing services.
The concept of cloud computing dates back to the 1950s when large mainframe computers were shared among multiple users. The term "cloud computing" was coined in the early 2000s to describe the delivery of computing resources over the internet. This marked the beginning of the modern era of cloud computing, which was driven by the growth of the internet and the need for more efficient and cost-effective ways of managing data and applications.
Before cloud computing, companies stored data and software on their own hard drives and servers, often in closets that were secured via lock and key. The bigger the company, the more storage needed. This way of treating data was not scalable at speed. Ownership of data was clear, but overhead costs, like air conditioning, security, and electricity were high. To offset these overhead costs, organizations began to put their data in co-location facilities.
At this point, the question “Do I still own my data?” emerged. While the organizations still technically owned the servers their data was stored in, they did not own the cages that locked their data. This eventually led to the leveraging of cloud resources, where businesses were able to avoid large upfront hardware costs and instead pay only for the resources they used. But while cloud computing is more affordable and easy to use, the haze to determine who owns data continues to thicken and foster conversations around topics like data sovereignty and data security. “Where you gain agility, you lose control” - Tony Rosales.
There are many benefits associated with using the cloud. Because of cloud computing, we are able to achieve unimaginable feats. However, a balance to mitigate risks must be made. The benefits of cloud computing are obvious, but the trade-offs are not always clear. Unfortunately, privacy and security tend to fall to the waste side. Some people have an insidious picture of a scary multinational company mishandling their data or envision employees in data centers spying on their most private moments.
Actually, these companies are, most of the time, reputable and honorable. However, mal actors do exist, whether it be cyber terrorists, hackers, PII (Personal Identifiable Information) thieves, or a bitter individual with a personal vendetta. Sadly, there are people who wish to attack, steal and cause disruption.
When we leverage cloud services, essentially what we’re saying is, “Cloud service provider, you can store my data.” There is an inherent level of trust that they will also secure said data. However, the various levels of breaches over the years, raise a cause for concern. This is where Virtru fits. Most of us have used a public metro system at one time or another. We value its ability to give us speedy, efficient, and cheap transport. We also inherently expect for that transport to be safe. No one catches the train during rush hour, expecting to be pickpocketed. Still, it happens. And while public transport systems do their best to keep their operations safe, their main focus is efficiency, speed, and cleanliness. This is why they often outsource security measures to local police departments. Two separate entities work together so that you don't have to trade the efficiency of public transport for the security of being in your own car. Virtru works a lot like the local police departments. We assist the cloud providers in keeping you safe so you can freely enjoy your journey of cloud computing and collaboration. We allow you to reap the benefits without inheriting the risks. We offer easy-to-use, military-grade data privacy solutions, so you don’t have to trade agility and scalability for control.
The real question is: why should you give a $@*# about privacy-enhanced cloud computing? Why go through the process of adding a layer of security? We have three solid reasons.
Analytics & Proprietary Patterns: Analytics and cloud computing are closely related because it allows for business scalability. Cloud computing provides a flexible and scalable infrastructure for collecting, storing, and processing large amounts of data, while analytics allows businesses to gain insights and make informed decisions based on that data. Businesses can easily scale their computing resources up or down as needed. Analytics in cloud computing allows businesses to quickly and easily deploy new analytical solutions, experiment with new techniques, and adapt agilely.
However, when you ask cloud computing providers to run analytical reports on your data, your data can be interpolated with data from other companies. It’s a two-way street; some cloud service providers can also run internal analytical reports on their users’ data to help inform their decision-making processes. Your data may remain anonymized, but you have given them your proprietary patterns which are now open to the public. These publicly available patterns could wreak havoc on your strategy.
Data Sovereignty & Compliance: Companies are beholden to certain legal requirements, depending on their business jurisdiction and industry. PECC techniques help to ensure that sensitive information is kept private and is important for complying with privacy regulations such as GDPR, HIPAA, ITAR, or CMMC 2.0. PECC techniques also help securely store and process data in the cloud, protecting it from unauthorized access, theft, or tampering. It also helps to maintain secure collaboration so that teams and stakeholders are able to access and share data, breaking down silos and improving communication across the organization. This is especially important for the transfer of sensitive or confidential data such as medical records, financial information, or intellectual property.
Additionally, cloud service providers are also beholden to judicial regulations. With a blind subpoena, a government agency could force a cloud vendor to turn over a customer's data without the knowledge or approval of the customer. In this scenario, a law enforcement agency can issue a binding legal order to a cloud provider to turn over customer data that could be used against the customer in a court of law.
Ownership & Encryption Keys: In a time when most rent and no one owns, it feels good to know that some things are truly yours, especially your personally identifiable information. From personal journals that are written on iCloud notes to complex corporate strategies developed on Google Slides, the peace of mind in knowing that what’s yours, is yours, is priceless. Ask anyone who migrated from renting to owning and they’ll tell you: there is a certain level of inherited authority when you know that property management can't enter your home without your permission. The likelihood of them doing so may not be high, but the way you operate your home is definitely impacted.
To have full control of your data, you and your authorized users must be the only ones with the encryption key. An encryption key is what allows you to unlock and access your encrypted data. Oftentimes, companies discover that while their data has been encrypted, the encryption provider also holds the encryption key to their data (giving the encryption provider full access to their data).
Naturally, not everyone wants or needs the same level of control, so everyone will not desire the same level of ownership. For some, it’s easier knowing that someone else has the (encryption) keys to their car (data) in case there is an emergency. Ultimately you must decide if encryption providers should host your keys, and take into account the regulations you’re required to follow in your country or industry.
The answer is… EVERYONE! While it may seem that only multinational corporations in highly regulated industries should be concerned with PECC, cloud computing has become indispensable for most businesses and households. It was instrumental in minimizing the social disruption and economic destruction of lockdowns and restrictions due to the COVID-19 pandemic and has become a part of “the new normal” for everyone, everywhere. Whether you’re the CISO at a health insurance giant, a person regulating their household finances on Google Sheets, or just sharing your iCloud photos with friends, PECC is a definite concern for you.
With the advent of cloud storage and IoT (Internet of Things) devices, like Apple watches and Amazon home products (Alexa, “Are you securing my data?”), privacy-enhanced cloud computing is necessary NOW and will only become more pertinent as we continue to live more of our lives online.
So, if you just realized that you’re in deep #$%* and really need help with regulating your privacy concerns, book a demo with us today.
Happy privacy-enhanced cloud computing!
Want to learn more about privacy-enhanced cloud computing from the experts? Watch our on-demand knowledge session: “Who Gives a $@*# About Privacy Enhanced Cloud Computing?” which aired on February 16, 2023.