Employees are increasingly turning to consumer-grade file sharing services such as Dropbox for business activities, and even if that use is sanctioned by IT, custody remains a challenge because, although the enterprise still owns the data, custody moves to the cloud provider. It is difficult, if not impossible, to maintain visibility and control over data in the cloud and prove chain of custody. Complicating the situation, data can be compromised without IT's knowledge, since they may not even be aware that documents are being stored and shared in the cloud.
What's needed is a trustworthy cloud. Trust in the physical world is achieved through relationships and contracts, and enforced using oversight and punitive action in response to a breach of trust. Building on the concept of trust, trustworthiness is a model that uses carefully designed and implemented technology, policies and reputation networks to achieve data security. Applied to the cloud, it means that even though organizations no longer have physical custody of their files, by embedding security into the document itself they have the means to secure sensitive documents so that they can be shared and still remain private.
Trustworthiness uses low-level cryptographic algorithms to enforce policies, revoke access rights and monitor access activities. It is defined and controlled exclusively by the data owner without any intervention from the cloud service provider. In a trustworthy cloud scenario, authorized users have visibility into groups and documents—limited by their role—but in a manner that doesn't weaken the cryptography or open the system to additional attacks. This approach prevents the misuse of cloud data from going undetected by creating a comprehensive audit trail of who is accessing files.
When content is stored in a trustworthy cloud, policies set up by the data owner are enforced by a solution provider without the solution or cloud provider ever having access to the data itself. This is called zero knowledge and relies on advanced federated key management technology.
Zero knowledge-based document sharing enables collaboration across organizational boundaries using any cloud storage provider, since federated cryptography is attached to the content rather than depending on the cloud container. For IT, it provides the ability to accommodate the growing popularity of BYOC (bring your own cloud) for business document sharing, while maintaining the visibility and control required for Governance, Risk Management, and Compliance. As an added benefit, the Trustworthy Cloud does not force users to adopt new tools or impose changes to an organization's existing security and audit infrastructures.
Implementing a Trustworthy Cloud
A trustworthy cloud establishes a provable separation of authority between the custodian of the information (the service provider) and the content owner and others who may have varying degrees of authorization to view or modify this information. The aggregate cryptographic algorithms and protocols provide strong guarantees of data privacy and chain of custody.

In this context, privacy is the ability of participants to control disclosure of sensitive business data. Confidentiality, meanwhile, refers to the commitment by the service provider to refrain from accessing or disclosing the data. A trustworthy cloud solution replaces the conventional need to rely on confidentiality on the part of a cloud service provider with the ability to rely on technological controls to enforce data privacy. This is made possible by implementing an emerging approach that places security on the content instead of on the container itself.

A trustworthy cloud has the all-inclusive ability to establish an electronic chain of custody record. This indelible record captures where the data originated, who may have accessed or modified it during its lifetime, and where and when there was a transfer of possession, no matter where it resides. In addition, content owners or the parties with fiduciary responsibilities for its lifecycle management can specify, monitor, and enforce fine-grained retention, disposition, and hold policies on data that is not in their possession. In practice, these records and policies can be carried as metadata that is based on the content but may be stored and encrypted separately from it.
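The chain-of-custody record described above can be illustrated with a small, owner-keyed, hash-chained log. This is an added example, not code from the article or from any vendor it describes: the log references a document only by a content-derived digest (so the storage provider learns nothing about the file), each entry is HMAC-linked to the previous one under a key the owner never shares, and replaying origin and transfer events yields the current custodian. Field names, actions and the sample identities are constructed for the demo.

```python
import hashlib
import hmac
import json
import time

GENESIS = "0" * 64  # link value for the first entry in a log

def content_id(plaintext: bytes) -> str:
    """Content-derived identifier: the only thing the log reveals about a file."""
    return hashlib.sha256(plaintext).hexdigest()

class CustodyLog:
    """Append-only, HMAC-chained chain-of-custody record kept by the data owner."""

    FIELDS = ("cid", "actor", "action", "detail", "ts", "prev")

    def __init__(self, owner_key: bytes):
        self._key = owner_key  # assumption: held by the owner, never by the provider
        self.entries = []

    def _mac(self, entry):
        payload = json.dumps({k: entry[k] for k in self.FIELDS}, sort_keys=True).encode()
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest()

    def record(self, cid, actor, action, detail="", ts=None):
        """Append an event (origin, access, modify, transfer) linked to the previous one."""
        prev = self.entries[-1]["mac"] if self.entries else GENESIS
        entry = {"cid": cid, "actor": actor, "action": action, "detail": detail,
                 "ts": int(time.time()) if ts is None else ts, "prev": prev}
        entry["mac"] = self._mac(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        """Return -1 if the chain is intact, else the index of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev"] != prev or not hmac.compare_digest(e["mac"], self._mac(e)):
                return i
            prev = e["mac"]
        return -1

    def custodian(self, cid):
        """Replay origin/transfer events to find who currently holds a document."""
        holder = None
        for e in self.entries:
            if e["cid"] == cid and e["action"] in ("origin", "transfer"):
                holder = e["detail"] if e["action"] == "transfer" else e["actor"]
        return holder
```

Because the provider stores only digests and MACs, it can host the log without being able to read the documents or silently rewrite history; any altered or dropped entry shows up as a broken link on verification.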