Searchable Strong Encryption takes CipherCloud on new path
Who knew cloud security could be earth-moving? Davey Winder has a Harry Met Sally moment
Harold Wilson was undoubtedly right when he famously stated that a week was a long time in politics. Were he alive today he might discover that things happen a little more slowly in the cloud.
It was precisely three months ago when I wrote enthusiastically about the potential benefits of Homomorphic Encryption (HE) within the cloud space. Back then I spoke of a technology that enabled encrypted data to be thrown into the cloud, processed without any need for decryption and then chucked back at you as a still-encrypted result from that processing as being "a bit knee-trembling for a data security geek like me".
It's early in the morning as I write this, but let me tell you the news coming from the direction of CipherCloud has positively given me a When Harry Met Sally moment.
You see, the trouble with the whole Homomorphic Encryption solution has always been that, without actually knowing anything at all about the data being processed (courtesy of it being encrypted up the wazoo), the cloud server fails when you start searching for stuff. If you are looking for a search term but the server doesn't know what data it has stored or even what the search term itself is (as that's also encrypted), then all it can do is give a virtual shrug of the shoulders, send you everything it has and say 'you decrypt this stuff and find it then'.
Researchers at the Massachusetts Institute of Technology (MIT) along with some help from Microsoft had apparently solved the problem, in theory, by way of an algorithm. The result of this is a functional-encryption scheme where the cloud server runs a single computation on a homomorphically encrypted result and so can ask if a record is a match without seeing the search term itself or the data it's processing.
Unfortunately, it remains a theoretical exercise as the computational resources required to get it working mean it just isn't practical in any real world sphere. What CipherCloud has done, by taking a slightly different approach to the problem of searching encrypted data in the cloud, most certainly is practical, and it's here now.
Searchable Strong Encryption (SSE), the technology in question, works alongside the CipherCloud encryption gateway - the Linux-based software appliance which encrypts data in real time as it heads for the cloud. By effectively placing a search index into the gateway, CipherCloud has managed to find a practical way of searching cloud data that is protected with AES 256-bit encryption while maintaining compliance with government regulations and industry schemes. It's actually a pretty simple concept: by leveraging the gateway architecture you get secure local indexing and full searchability whilst data continues to be strongly encrypted in the cloud, but without the kind of complex local database deployment other solutions may require.
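A minimal model of the gateway-held index described above, added here as an illustration and not CipherCloud's code. The `Gateway` type, its plaintext keyword index, the in-memory `Cloud` map and the choice of GCM as the AES-256 mode are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"strings"
)

// Gateway (hypothetical): key and index stay local, Cloud gets ciphertext only.
type Gateway struct {
	aead  cipher.AEAD
	index map[string][]string // keyword -> record IDs, held at the gateway
	Cloud map[string][]byte   // record ID -> nonce||ciphertext, held remotely
}
func NewGateway() *Gateway {
	key := make([]byte, 32) // a 32-byte key selects AES-256
	rand.Read(key)          // guaranteed not to fail on Go 1.24+
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return &Gateway{aead, map[string][]string{}, map[string][]byte{}}
}
// Store indexes the plaintext locally, then uploads only the sealed record.
func (g *Gateway) Store(id, text string) {
	for _, w := range strings.Fields(strings.ToLower(text)) {
		if l := g.index[w]; len(l) == 0 || l[len(l)-1] != id {
			g.index[w] = append(l, id) // skip repeats of a word in one record
		}
	}
	nonce := make([]byte, g.aead.NonceSize())
	rand.Read(nonce)
	g.Cloud[id] = g.aead.Seal(nonce, nonce, []byte(text), []byte(id))
}
// Search resolves the term locally and decrypts only the matching records.
func (g *Gateway) Search(term string) (hits []string) {
	n := g.aead.NonceSize()
	for _, id := range g.index[strings.ToLower(term)] {
		blob := g.Cloud[id]
		if pt, err := g.aead.Open(nil, blob[:n], blob[n:], []byte(id)); err == nil {
			hits = append(hits, string(pt))
		}
	}
	return hits
}
func main() {
	g := NewGateway()
	g.Store("r1", "invoice for Acme Ltd") // constructed sample record
	fmt.Println(g.Search("acme"))
}
```

The record ID is passed as associated data, so a blob moved under a different ID fails authentication instead of being returned as a hit.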
OK, so it's not quite as Star Trek as the Homomorphic Encryption stuff, and it does tie you into a vendor-specific service, but right now, and to paraphrase the old lady in the New York diner, "I'll have what they are having".
Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.
Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.
You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.