What is the future of encryption in cloud security?


Cloud computing has opened up several opportunities for consumers and businesses alike. With it, users can enjoy unparalleled levels of productivity, collaboration, and mobility. But network “openness” is not without its risks.

Data security has become a significantly more difficult challenge for organisations working in the cloud. Just last month, in what can be considered one of the biggest IT mishaps of the year, over 550,000 Australian Red Cross blood donor records were leaked. According to the ABC, the Red Cross kept sensitive data in a completely unsecured environment, which made it extremely easy for an anonymous hacker to stumble onto the unprotected database.

Although the Blood Service survived the reputational backlash, the frequency of these high-profile breaches is a sobering reminder that networks are fundamentally insecure — especially for companies that have failed to account for glaring system vulnerabilities. Thanks to cloud infrastructures and mobile devices, attacks can come from any direction.

The solution

As a small business owner, installing antivirus software is a good start to defending against a multitude of threats, but this won’t guarantee full system security. For the most part, data moves outside the boundaries of office walls and data centres — and this is when data is truly vulnerable. As larger sets of data are trafficked over the cloud, enterprises need a solution that goes beyond securing data at rest. They need encryption to protect data in-flight.

When you encrypt data in-flight, you are essentially encoding files at one endpoint and decrypting them at another. This means only authorised users with encryption keys can view the data, while cyber criminals see nonsensical text when they attempt to access the intercepted files.
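
The endpoint-to-endpoint exchange described above, as an added example that is not part of the original article: one side encrypts each message with AES-256-GCM, the other decrypts it, and anything read with the wrong key, altered in transit or replayed is rejected. It assumes both endpoints already share a 32-byte key (in practice a key-exchange handshake supplies it); the function names are hypothetical.

```javascript
// Added example, not from the original article. Assumes a pre-shared 32-byte key.
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// The sequence number is authenticated (not encrypted) so the receiver can
// detect altered or replayed messages.
function seqToAad(seq) {
  const aad = Buffer.alloc(8);
  aad.writeBigUInt64BE(BigInt(seq));
  return aad;
}

// Sending endpoint: encrypt one message with AES-256-GCM and a fresh 96-bit nonce.
function protect(key, seq, plaintext) {
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(seqToAad(seq));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { seq, nonce, ct, tag: cipher.getAuthTag() };
}

// Receiving endpoint: returns the plaintext, or null when the key is wrong or
// any field of the message was modified in transit.
function unprotect(key, msg) {
  try {
    const decipher = createDecipheriv('aes-256-gcm', key, msg.nonce);
    decipher.setAAD(seqToAad(msg.seq));
    decipher.setAuthTag(msg.tag);
    return Buffer.concat([decipher.update(msg.ct), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Receiver that also rejects replays: sequence numbers must strictly increase.
function makeReceiver(key) {
  let lastSeq = -1;
  return (msg) => {
    const plaintext = unprotect(key, msg);
    if (plaintext === null || msg.seq <= lastSeq) return null;
    lastSeq = msg.seq;
    return plaintext;
  };
}

// Constructed sample run.
const key = randomBytes(32);
const msg = protect(key, 1, Buffer.from('constructed sample record'));
console.log(unprotect(key, msg).toString());   // the original text
console.log(unprotect(randomBytes(32), msg));  // null: wrong key
```
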

Plenty of ways to encrypt

Keep in mind that there is no one way to encrypt messages in-transit. For a long time, technologies such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS) were used to secure data transmitted from applications and web browsers. But considering the string of OpenSSL flaws, which left SSL/TLS encryption protocols vulnerable to denial-of-service attacks and the Heartbleed bug, companies can’t fully rely on these network security measures alone.

Companies have also chosen to encrypt network traffic by using IPsec, otherwise known as Internet Protocol Security. Simply put, IPsec encrypts each IP payload travelling between network systems, cloaking data as it moves from one location to another and authenticating it when it reaches its destination. IPsec is designed to provide secure and always-on connections for clients, making it an attractive solution for businesses that have migrated to the cloud.

Implementing IPsec on an endpoint, however, is complicated and prone to misconfiguration, especially for companies with limited network security experience. On top of that, encrypting and authenticating every IP packet tends to choke network speeds and cause routing issues. And in a time when businesses demand high-performance cloud applications, low latency, and high throughput, traditional IPsec encryption is no longer sufficient.

Shift to low-layer encryption

Although it’s true that SSL, TLS and IPsec are popular encryption procedures for businesses, the best, often overlooked, method of protecting data in-transit is by encrypting it at the physical layer. This layer literally consists of the materials used to transmit data between different devices — think patch panels, Ethernet cables, optical fibres.

When companies only choose to encrypt data at the application level, other layers of the network like the cabling and the router remain unprotected. Alternatively, encryption at the physical layer ensures that all services and applications running over the modem or the Ethernet cables stay protected against eavesdropping. In other words, encrypting data before it even enters the fibre ensures the entire data channel, from the physical device all the way to the application, remains protected against outside intrusions.

Unlike IPsec encryption, physical layer encryption grants advanced-level data encryption at wire-speed, meaning companies experience virtually no network latency, and their data is not compressed or altered in any way.

Compliance demands

Aside from strengthened network security, the move to encrypting data at the physical layer is largely because of mandatory metadata retention laws. Under the Privacy Act 1988, companies are legally obligated to secure personal information from misuse, loss, or unauthorised access. Failing to do so can result in legal action and a damaged reputation.

Business owners understand that avoiding these risks largely depends on their ability to protect their data in the cloud. And right now, the best way to accomplish that is by using the strongest encryption tools available.

What is in store for the future?

Many organisations have taken stringent measures to protect data at-rest. And although securing stored data is necessary, it’s time for small- to mid-sized businesses to show similar dedication to protecting their data when it’s at its most vulnerable — while it’s in flight.

With nearly 50% of Australian businesses embracing private and hybrid cloud infrastructures, the need for stronger in-flight encryption in the cloud looks certain to grow in the near future. In short, secure connectivity with in-flight encryption at the physical layer will play a central role in cloud security, and managed services providers who can offer those technologies alongside their cloud services will be highly sought after in the years to come.

If there’s one thing we cloud service providers would like to impart to our clients, it’s that although cloud architectures change, the need for encryption stays the same. Regardless of which cloud encryption systems you need, Empower IT can provide them.

Use our in-flight and at-rest encryption systems to keep your data safe from hackers, unauthorised personnel, and even your administrators. You deserve the best in network security, and you can have it all by contacting us today.