Keeping data safe – while in use – in the cloud

Keeping data safe – while in use – in the cloud

Protecting data while it is in use in the cloud has been a concern as long as the cloud has existed.

Homomorphic encryption, or the ability to keep data encrypted while it is being used in computations in the cloud, allows the system operator to protect data from hackers inside and outside the organization.

Mary Branscombe of techrepublic.com wrote recently that homomorphic encryption is beginning to move through the standards process toward adoption.

“The discussion is about specifications to say just how strong the encryption is; the next step will be getting a common set of application programming interfaces so that homomorphic encryption systems can interoperate,” Branscombe wrote. “Once we see standardization and hardware acceleration, it’s likely to become much more broadly adopted in the not too distant future, given how much confidential data organizations want to work with.”

When a system operator wants to use cloud-stored data, say for artificial intelligence, analytics or searching a database and uses traditional encryption, the data would need to be downloaded and decrypted first or the operator would need to store encryption keys in the cloud.

Branscombe said either result could be problematic, especially if the data has been shared by another organization that controls the encryption because the data is only encrypted in transit and at rest.

“Anonymizing data isn’t enough to protect it,” she wrote. “Once you start working with large amounts of data, correlations or user errors make it likely that data will be re-identified — accidentally or on purpose — but that can’t happen if it’s never decrypted.”

Homomorphic encryption isn’t new, the piece continued.

Originally proposed in 1978, no theoretical algorithm for it existed until 2009.

Branscombe estimated that the first theoretical algorithm would have taken a trillion times longer than an unencrypted calculation.

IBM Research, by 2013, reduced the algorithm to a million times slower, so a data operation that would take one second without encryption would still take 12 days with homomorphic encryption, she said.

That early encryption subsequently resulted in the Microsoft Research Simple Encrypted Arithmetic Library, or SEAL, which was open sourced in 2018.

“With Microsoft SEAL’s homomorphic encryption, cloud operators never have unencrypted access to the data they are storing and manipulating, as computations are performed directly on encrypted data,” Branscombe concluded.