It is true that computing has many advantages including elasticity, flexibility and pay per use. But, there is one major issue with cloud computing – security. The tremendous possibilities offered by cloud computing would have been explored by almost all businesses big and small a while back had it not been for the security issues. The situation becomes worse when encrypted cloud storage is involved.
As far as cloud computing is concerned, the customer is supposed to store everything on remote servers owned by a third-party without having to worry about security risks. But, in real life security is more of a shared responsibility. The cloud computing service provider is supposed to be responsible for securing the data center premises, but as far as the customer applications and operating systems are concerned, this hostility on security lies with the customer also. This is when problems start cropping up. To negate the problem, scientists have come up with something called encrypted cloud computing. It is definitely secure compared to traditional cloud computing, but the problem with encrypted cloud computing is it is far more complex compared to the traditional variety and if someone fails to deal with the complexity, security problems might again crop up. You need to understand that securing virtual servers are not very different from securing physical servers - the basic rules are same and if the service provider fails to enforce a strong access control policy, the security of the customer might get compromised.
In the case of encrypted cloud computing, the data that you intend to store on the remote servers is stored in a completely different way - is actually stored in the form of keys and you need to adopt a complex key management procedure to make sure that your encrypted data is secure at all times. In this case, the data that you intend to store on third party virtual servers gets encrypted first and this encrypted data can be decrypted by using keys that are supposed to be accessible only by the customer or a chosen group of people. Now, every time you need to access your data, you would be required to have access to those keys and use them properly. This is where the problem is - key management in itself becomes a big issue because whenever someone tries to access data needs keys are used and they become vulnerable either when they are stored or when they are used. If security is breached at any of those times, you might end up losing data.
The problem with encrypted cloud computing is that it does not offer multilayered security - it only encrypts your data and if someone is smart enough to be able to access your keys, your data could be easily stolen. The keys are themselves very much vulnerable to attacks and there is no foolproof security system to ensure their safety. So, encrypted cloud computing needs to evolve fast and until that happens, cloud computing is going to be considered as an “experimental project” by many.
