The cloud has proven to be a boon to businesses of all sizes, from startups to enterprise companies. The cloud has improved the economic efficiency of many business critical processes, but in the early days of cloud computing there was considerable (and valid) concern from businesses who for security and regulatory purposes needed to keep their data private. Many were not comfortable with allowing business sensitive information to reside on the servers of a third party. The cloud industry has largely overcome these hurdles and public cloud platforms exist that have the same robust level of security and regulatory compliance as could be expected from private clouds or other in-house infrastructure.
Data can be kept encrypted when it is at rest on cloud servers and transmitted in encrypted streams with TLS and other technologies. However, data that is in active use cannot be encrypted for obvious reasons. It has to be decrypted, operated upon, and then re-encrypted, which causes a host of key management and authorization issues. They aren’t insurmountable issues, but they do increase the complexity of cloud data management and they can cause particular issues when moving data between cloud services, which in an ideal world we’d like to be able to do fluidly.
IBM were recently awarded a patent that might put an end to many of these problems. Homomorphic encryption allows some operations to be carried out on encrypted data. The mathematics behind homomorphic encryption are complex, but the basic idea is that a class of operations can be carried out on the ciphertext and produce an encrypted result that when decrypted is identical to the result of carrying out those operations on the plaintext.
In a homomorphic encryption system, it would be possible for a cloud service to carry out a series of operations on encrypted data without ever decrypting it, produce a result that is never decrypted, and send the results to the data’s owner for decryption. Even though processing takes place on a third-party platform using that platform’s resources, the data remains encrypted at every stage in the process.
Craig Gentry, the co-inventor of the IBM patent said that “our patented invention has the potential to pave the way for more secure cloud computing services – without having to decrypt or reveal original data. Fully homomorphic encryption will enable companies to confidently share data and more easily and quickly overcome challenges or take advantage of emerging opportunities.”
It’s an exciting development for cloud platforms and cloud markets, and will comfort many businesses — particularly enterprise-scale businesses – that worry about the security of their data in the cloud.