Page 73 - Cloud Services and Big Data

Implementation of Cloud Services in a Business Environment
Log files and metadata are often overlooked during the protection process.
Leaving these files unprotected can open avenues for data leakage and
intrusion.
Durable encryption strengths, such as the military standard AES-256
(Advanced Encryption Standard), are strongly recommended in order to provide
sufficient protection. Proprietary encryption formats should be avoided.
The growing demand for efficient and effective techniques for cloud encryption
has produced several new techniques, such as operations-preserving encryption,
near-zero latency measures, content- and context-sensitive encryption, and a new
approach towards key management.
7.6.1 Operations-Preserving Encryption
Operations-preserving encryption is a relatively new cryptographic technology.
It enables the encryption of sensitive data fields, such as social security numbers or
credit card details, while letting users work with, search, or report on the encrypted
information (Dash, 2013). In other words, this technology makes it possible to
continue working with encrypted data as if the data were not encrypted at all.
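As an added illustration (not taken from the original text or from Dash), the sketch below shows one simple way search and reporting over protected fields can work: a keyed blind index built with HMAC-SHA256. The key, field names and records are constructed for the example, and the AES-256 ciphertext that would be stored next to each token is assumed to come from a vetted library and is left out.

```python
import hashlib
import hmac
from collections import Counter

# Constructed demo key; in practice it lives in a KMS/HSM, separate from the data store.
INDEX_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def field_key(master: bytes, field: str) -> bytes:
    """Derive one sub-key per field so equal values in different fields do not correlate."""
    return hmac.new(master, b"blind-index:" + field.encode(), hashlib.sha256).digest()


def normalize(field: str, value: str) -> str:
    """Canonical form, so '123-45-6789' and '123 45 6789' yield the same token."""
    if field in ("ssn", "card_number"):
        return "".join(ch for ch in value if ch.isdigit())
    return value.strip().casefold()


def token(master: bytes, field: str, value: str) -> str:
    """Deterministic keyed token that stands in for the plaintext in queries."""
    msg = normalize(field, value).encode()
    return hmac.new(field_key(master, field), msg, hashlib.sha256).hexdigest()


def protect(master: bytes, record: dict, sensitive: tuple) -> dict:
    """Swap sensitive fields for search tokens; the AES ciphertext column is omitted here."""
    return {k: token(master, k, v) if k in sensitive else v for k, v in record.items()}


def search(master: bytes, rows: list, field: str, value: str) -> list:
    """Equality search: tokenize the query term and compare tokens only."""
    wanted = token(master, field, value)
    return [r for r in rows if hmac.compare_digest(r[field], wanted)]


def report(rows: list, field: str) -> Counter:
    """Frequency report over a protected field without recovering any plaintext."""
    return Counter(r[field] for r in rows)


# Constructed sample records (not real identifiers).
PLAIN = [
    {"id": 1, "ssn": "123-45-6789", "region": "EU"},
    {"id": 2, "ssn": "987-65-4321", "region": "US"},
    {"id": 3, "ssn": "123 45 6789", "region": "EU"},
]
STORE = [protect(INDEX_KEY, r, ("ssn",)) for r in PLAIN]
```

Deterministic tokens reveal which rows share a value and how often each value occurs; that leakage is the price of searching without decryption and should be weighed per field.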
7.6.2 Near-Zero Latency
Whenever encryption processes are involved, a performance penalty is implied.
This paradoxically contradicts the potential productivity benefit of the cloud services
employed. An encryption technique that operates with near-zero latency (less than
a few milliseconds) is usually not noticeable to end users (Dash, 2013).
7.6.3 Content- and Context-Sensitive Encryption
Another new technique for encryption in the cloud is context-aware encryption.
The encryption algorithm detects sensitive data based on policies
regarding the data content and the context in which it operates. Then it automatically