Compliance with regulations like HIPAA and PCI DSS has made some enterprises wary of procuring cloud computing storage for sensitive data. In most cases, obtaining ample cloud security is a matter of finding an experienced provider that is transparent about data handling practices and certifications and that has reliable infrastructure. Fortunately for hardware vendors, the cloud may ultimately become safer due to new measures that guard against memory-based attacks.
Enterprises that are new to the cloud may have the unrealistic expectation that any provider they choose will provide comprehensive data security. A recent Gartner study found that many cloud service-level agreements are not transparent about the cloud supplier's security obligations, meaning that businesses often must take data protection into their own hands. For example, Computerworld's Steve Pate recommended self-encryption of data and retention of keys.
In a piece for TechZone360, senior editor Peter Bernstein referred to the gap between provider and customer security liability as a "donut hole" that enterprises should seek to close when procuring cloud computing services. He also stressed the importance of ensuring that potential providers are aware of any changes to regulatory legislation.
While cloud security is often a matter of scrutinizing providers, it may be getting a hardware-side boost. According to InformationAge contributor Chloe Green, MIT researchers have been honing a tool that can obfuscate memory access patterns, the methods by which CPUs call stored data. In theory, if a malicious party knew the IP address of a virtual machine, it could eventually trace performance patterns and node paths to decrypt stored data.
"We argue that fundamental risks arise from sharing physical infrastructure between mutually distrustful users, even when their actions are isolated through machine virtualization as within a third-party cloud compute service," explained the researchers.
The solution, called "oblivious RAM,"creates a new access data path each time while not compromising processor performance.