Harold Wilson was undoubtedly right when he famously stated that a week was a long time in politics. Were he alive today he might discover that things happen a little more slowly in the cloud.
It was precisely three months ago when I wrote enthusiastically about the potential benefits of Homomorphic Encryption (HE) within the cloud space. Back then I spoke of a technology that enabled encrypted data to be thrown into the cloud, processed without any need for decryption and then chucked back at you as a still-encrypted result from that processing as being "a bit knee-trembling for a data security geek like me".
It's early in the morning as I write this, but let me tell you the news coming from the direction of CipherCloud has positively given me a When Harry Met Sally moment.
You see the trouble with the whole Homomorphic Encryption solution has always been that, without actually knowing anything at all about the data being processed (courtesy of it being encrypted up the wazoo), the cloud server fails when you start searching for stuff. If you are looking for a search term but the server doesn't know what data it has stored or even what the search term itself is (as that's also encrypted) then all it can do is give a virtual shrug of the shoulders and send you everything it has and say 'you decrypt this stuff and find it then'.
Researchers at the Massachusetts Institute of Technology (MIT) along with some help from Microsoft had apparently solved the problem, in theory, by way of an algorithm. The result of this is a functional-encryption scheme where the cloud server runs a single computation on a homomorphically encrypted result and so can ask if a record is a match without seeing the search term itself or the data it's processing.
Unfortunately, it remains a theoretical exercise as the computational resources required to get it working mean it just isn't practical in any real world sphere. What CipherCloud has done, by taking a slightly different approach to the problem of searching encrypted data in the cloud, most certainly is practical, and it's here now.
Searchable Strong Encryption (SSE), the technology in question, works alongside the CipherCloud encryption gateway - the Linux-based software appliance which encrypts data in real time as it heads for the cloud. By effectively placing a search index into the gateway, CipherCloud has managed to find a practical way of searching cloud data that is protected with AES 256-bit encryption while maintaining compliance with government regulations and industry schemes. It's actually a pretty simple concept, by leveraging the gateway architecture you get secure local indexing and full searchability whilst data continues to be strongly encrypted in the cloud but without the kind of complex local database deployment other solutions may require.
OK, so it's not quite as Star Trek as the Homomorphic Encryption stuff, and it does tie you into a vendor-specific service, but right now, and to paraphrase the old lady in the New York diner, "I'll have what they are having".
