Skyhigh Networks assembles a board of cryptography experts to consider a range of academically vetted cryptographic solutions that do not reduce functionality. <\/p>\n
A group of accomplished experts in cryptography research have announced they are forming what is believed to be the first industry-focused Cryptography Advisory Board. The board will provide oversight of encryption schemes for cloud security to ease the adoptionof cloud services. <\/p>\n
Data security continues to be one of the major hurdles preventing companies from moving data to the cloud, and for good reason. Enterprises worry about cloud data breaches, NSA surveillance, and court orders that can subpoena documents holding sensitive information (with which many cloud providers willingly comply). Increasingly, firms want to secure files with encryption tohinder outside parties who access sensitive documents from being able to read them. <\/p>\n
The problems that the industry is starting to solve are very challenging, says board member Ari Juels, professor at the Jacobs Technion-Cornell Institute at Cornell Tech, and former chief scientist of RSA. When companies place data in the cloud itsup to the cloud providers to make sure policies are enforced. Theres growing interest in the industry to take back power from cloud providers, and that creates some technical tensions. Cryptography helps, but it has to be implemented well, and rigorously. <\/p>\n
[Read more about cloud encryption: Encrypting Cloud Email Isnt as Easy as You'd Think.] <\/p>\n
The board will collaborate with Skyhigh Networks, a firm that analyzes the risks of cloud applications and helps organizations build security strategies. The board will ensure Skyhigh is aware of the world of development in academic research and have available toit the latest research and technologies relevantto its business. <\/p>\n
Juels says, rather than invent technologies from scratch, the board wants to make sure businesses are incorporating solutions properly and rigorously into product, with strong security guarantees on behalf of their customers. Its easy to get cryptography wrong, he says. Its hard to build a cryptography scheme well and robustly. <\/p>\n
Most of todays encryption implementations have significant drawbacks, he explains. Homomorphic encryption seemed to solve all problems as it made it possible to perform general computations over encrypted data, but it proved too inefficient. For example, a provider can manage email without actually seeing it, or store corporate data and perform analytics on it but not actually see it. However the computational overhead is on the order of10 million versus ordinary unencrypted software. It also solves a narrow subset of problems as it doesnt consider that clients increasingly want shared relationships with their cloud providers data. <\/p>\n
Newer encrypted hardware solutions allow data to be managed in a trustworthy environment, but it assumes the cloud provider isnt able to tamper with the pieces. <\/p>\n
The board will consider a range of cryptographic approaches looking for practical schemes that do not reduce functionality, including search, sort, and format validation. <\/p>\n
<\/p>\n