By John P. Mello Jr. 02\/17\/15 5:00 AM PT<\/p>\n
Encryption has received a lot of attention lately as a solution to the growing data breach problem, but one of the hang-ups dogging the technology has been its ability to play nice in the cloud. <\/p>\n
That's especially true if an organization wants to control the keys by which its data is scrambled and use services offered by a cloud provider beyond simple storage. <\/p>\n
For example, if a cloud provider can't decrypt a client's data, it could break the provider's antivirus, data loss prevention, file preview and text indexing functions, as well as pose performance challenges. <\/p>\n
\"If the cloud provider can't decrypt your data, the cloud just becomes a dumb bucket,\" Adrian Sanabria, a senior analyst with the enterprise security practice at The 451 Group, told TechNewsWorld. <\/p>\n
That's why cloud service providers in the past have had access to users' data encryption keys. As long as a user trusted their provider, that approach was acceptable, but that's no longer the case for many organizations. <\/p>\n
Compliance with regulations requires some businesses to control the keys by which they encrypt their data. Other organizations just don't want to lose control of their information. <\/p>\n
However, if an organization wants to use a cloud provider's services, it can allow a provider to access its keys. \"Encryption still takes place in the cloud, but it's done with keys managed by the customer,\" Todd Partridge, director of product marketing at Intralinks, told TechNewsWorld. <\/p>\n
From a security perspective, though, that solution is imperfect. A rogue employee of the cloud provider could abuse those key privileges to peek at, or leak a customer's data. The solution also opens the door for lawyers or government authorities to snatch the data. <\/p>\n
Those authorities usually obtain data from a provider through a civil or criminal subpoena. As long as there isn't a gag order attached to the subpoena -- a rare occurrence except in national security cases -- a customer with control of its encryption keys has a chance to protect their data. <\/p>\n
<\/p>\n