Showing posts from June, 2013

Cloud Security

1. Confidentiality

If you back up your data to the cloud, your Cloud Service Provider (CSP) shouldn’t be able to see the data you store. “They can’t guarantee that!” you say. “I have to encrypt the data before it leaves my machine.” That’s all well and good, until you are relying on your CSP for this service, like Server Side Encryption available in AWS S3 where they manage your keys. How does one ensure the management of these keys to prevent an administrator from decrypting your data?

2. Integrity

How do you know that your CSP didn’t log into your machines when you weren’t looking? Well, unfortunately in most cases, you don’t. Sure, you can check your logs, but the really good hackers (and even the script kiddies with good tools) can remove log entries and modify timestamps. You need a way to verify that you’re the only one logging into your machines. To expand on this, customers typically have the ability to manage their images and snapshots they run in the cloud. How does o...

Cloud Confidentiality

Today, no CSP can guarantee that your data will be secured “For Your Eyes Only.” Encryption algorithms and compliance policies can only achieve so much. From the CSP perspective, we have to take reasonable measures to ensure customer data is not used by the provider in any way that is unintended by the customer. As a way to mitigate exposure of customer data, some CSPs encrypt data at rest using encrypted hard drives or encrypted file systems. The other part of the equation for risk mitigation is proper device destruction, either logically, using an appropriate method of sanitization like DoD 5220.22-M, or physically (see the DSS Clearing and Sanitization Matrix and Special Publication 800-88: Guidelines for Media Sanitization). And then, there are the backups. CSPs manage several copies of data to prevent total failure in both onsite and offsite facilities, and more than likely, the data stored on tape or other HDDs is encrypted. Once you have encrypted drives and e...