Microsoft getting More Secure in Cloud

Tuesday, May 19, 2015 @ 02:05 PM gHale

Microsoft wants to make the cloud more secure, so it has started a research project aimed at helping companies protect their stored data.

The cloud offers numerous benefits, but fears of an insecure cloud are keeping company leaders up at night, because they hold major IP they could lose in a breach.


Microsoft is addressing that with a new research technology called Verifiable Confidential Cloud Computing, or VC3, which it released Monday at the IEEE Symposium on Security and Privacy in San Jose, CA.

The goal of VC3 is to keep data secure even while it is being used in calculations or other transactions. The technology safeguards personal and other highly valuable data in the event of a breach of the cloud provider’s systems, and it also works against threats from inside the provider.

“Let’s say a financial services company wants to access a number of clients’ personal financial records to make a complex series of calculations in the cloud,” Microsoft’s Allison Linn said in a blog post. “That data is stored in a sort of lockbox that can be accessed only within secure hardware managed by VC3.”

“To make the calculations, the client’s data is loaded into the secure hardware in the cloud, where the data is decrypted, processed and re-encrypted,” Linn said. “No one else — including the people who work at the company running the cloud-based service — can see or access the data.”

A research paper detailing VC3 said the system runs on unmodified Hadoop, but keeps the hypervisor, the operating system and Hadoop itself out of the trusted computing base (TCB). This approach preserves integrity and confidentiality even if those components are compromised.

When users run large-scale distributed computations in the cloud they leverage frameworks such as MapReduce, a popular programming model for processing large data sets.

The problem is that while data at rest is easy to protect with encryption, data being processed has to be accessible in clear text. That allows an external attacker to access and manipulate data by exploiting vulnerabilities in the cloud environment, and it allows a malicious insider with administrative privileges to leak or alter data.

VC3 relies on SGX processors to isolate memory regions on individual machines, and on new protocols that secure distributed MapReduce computations, Microsoft officials said.

Researchers said that as long as malicious actors do not control the certified physical processors involved in the computation, they cannot access an organization’s data even if they control the cloud provider’s entire software and hardware infrastructure.
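To make that division of trust concrete, here is a constructed toy model added for this article; it is not VC3's code or protocol. It assumes a single key provisioned to the enclave, an HMAC-based cipher standing in for AES-GCM, enclave_map/enclave_reduce standing in for enclave code, and untrusted_framework standing in for Hadoop, which shuffles ciphertext by a keyed tag and is caught if it alters anything.

```python
import hmac, hashlib, os
from collections import defaultdict
# Constructed illustration (not VC3 code): the MapReduce framework below is untrusted and only
# handles ciphertext; the enclave_* functions stand in for code running inside an SGX enclave.
ENCLAVE_KEY = b"constructed-demo-key-provisioned-to-enclave"  # assumption: never leaves the enclave

def _keystream(key, nonce, n):  # HMAC-SHA256 in counter mode, a stand-in for AES-CTR
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, plaintext):  # encrypt-then-MAC -> nonce || ciphertext || tag (stand-in for AES-GCM)
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # verify the tag first: any byte changed outside the enclave is rejected
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: ciphertext was modified")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def enclave_map(sealed_line):  # enclave side: decrypt one record, emit (grouping tag, sealed "word:1")
    for word in unseal(ENCLAVE_KEY, sealed_line).decode().split():
        # keyed PRF tag: the shuffle can group equal words without learning what they are
        tag = hmac.new(ENCLAVE_KEY, word.encode(), hashlib.sha256).hexdigest()
        yield tag, seal(ENCLAVE_KEY, f"{word}:1".encode())

def enclave_reduce(sealed_values):  # enclave side: decrypt a group, sum the counts, seal the result
    pairs = [unseal(ENCLAVE_KEY, b).decode().rsplit(":", 1) for b in sealed_values]
    return seal(ENCLAVE_KEY, f"{pairs[0][0]}:{sum(int(n) for _, n in pairs)}".encode())

def untrusted_framework(sealed_inputs, tamper=False):  # Hadoop's role: run map, shuffle by tag, run reduce
    groups = defaultdict(list)
    for tag, sealed_kv in (kv for blob in sealed_inputs for kv in enclave_map(blob)):
        groups[tag].append(sealed_kv)
    if tamper:  # a malicious administrator flips one ciphertext byte of an intermediate value
        vals = next(iter(groups.values()))
        vals[0] = vals[0][:12] + bytes([vals[0][12] ^ 0x01]) + vals[0][13:]
    return [enclave_reduce(vals) for vals in groups.values()]

def word_counts(lines, tamper=False):  # client side: seal the inputs, run the job, unseal the outputs
    outputs = untrusted_framework([seal(ENCLAVE_KEY, l.encode()) for l in lines], tamper)
    return {w: int(n) for w, n in (unseal(ENCLAVE_KEY, o).decode().rsplit(":", 1) for o in outputs)}

def tamper_detected(lines):  # True when the enclave rejects intermediate data altered in the shuffle
    try:
        word_counts(lines, tamper=True)
    except ValueError:
        return True
    return False
```

The keyed tag still reveals to the framework which intermediate records share a key, which is the minimum a shuffle needs; everything else the framework handles is ciphertext it cannot read or silently change.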
