In September a survey was published in Dynamic CISO that showed that “72% of Businesses Don’t Trust Cloud Vendors to Obey Data Protection Laws and Regulations”. Given this lack of trust by their customers, what can cloud service vendors do?
When an organization stores data on its own computers, it believes that it can control who can access that data. This belief may be misplaced given the number of reports of data breaches from on-premises systems, but most organizations trust themselves more than they trust others. When the organization stores data in the cloud, it has to trust the cloud provider, the cloud provider’s operations staff and the legal authorities with jurisdiction over the cloud provider’s computers. This creates many serious concerns about moving applications and data to the cloud, especially in Europe and in particular in geographies like Germany, where there are very strong data protection laws.
One approach is to build your own cloud, where you have physical control over the technology but can still exploit some of the flexibility that a cloud service provides. This is the approach that is being promoted by Microsoft. In October Microsoft, in conjunction with Dell, announced their “Cloud Platform System”. This is effectively a way for an organization to deploy Dell servers running the Microsoft Azure software stack on premises. Using this platform, an organization can build and deploy on-premises applications that are Azure cloud ready. At the same time it can see for itself what goes on “under the hood”. Then, when the organization has built enough trust, or when it needs more capacity, it can easily extend the existing workload into the cloud. This approach is not unique to Microsoft – other cloud vendors also offer products that can be deployed on premises where there are specific needs.
In the longer term, Microsoft researchers are working to create what is being described as a “Haven in the Cloud”. This was described in a paper at the 11th USENIX Symposium on Operating Systems Design and Implementation. In this paper, Baumann and his colleagues offer a concept they call “shielded execution,” which protects the confidentiality and the integrity of a program, as well as the associated data, from the platform on which it runs—the cloud operator’s operating system, administrative software, and firmware. They claim to have shown for the first time that it is possible to store data and perform computation in the cloud with equivalent trust to local computing.
The Haven prototype uses the hardware protection proposed in Intel’s Software Guard Extensions (SGX)—a set of CPU instructions that can be used by applications to isolate code and data securely, enabling protected memory and execution. Haven addresses the challenges of executing unmodified legacy binaries and protecting them from a malicious host. It is based on “Drawbridge”, another piece of Microsoft research that is a new kind of virtual-machine container.
The question of trust in cloud services remains an important inhibitor to their adoption. It is good to see that vendors are taking these concerns seriously and working to provide solutions. Technology is an important component of the solution, but it is not, in itself, sufficient. In general, computers do not breach data by themselves; human interactions play an important part. The need for cloud services to support better information stewardship, as well as for cloud service providers to create an information stewardship culture, is also critical to creating trust in their services. From the perspective of the cloud service customer, my advice is always: trust but verify.