Adequate Encryption in the Cloud

Posted by: Collin Gaines

April 20, 2015

pad-lockPrivate cloud networks suffer some of the same privacy issues that public cloud networks are battling. Not all private cloud networks are “on-premise,” many utilize companies such as Amazon, to provide them with the technology to operate their network. Data is still traveling over the internet but in-house technology professionals manage the control of the network. Encrypting data in-house does provide many benefits in that companies may enjoy the use of a cloud without worrying about third party attacks.

Those who use cloud computing must understand that they may compromise security and relinquish absolute control of their data, when turning over privileged information to third-parties such as cloud storage providers. Under current law, third-parties may voluntarily provide government officials with client sensitive documents and the “law has always been slow to catch up with technological advances .” Therefore, people using electronic digital communication devices such as laptops, computers, Smartphone’s and cell phones have security vulnerabilities regarding essential personal information. For example, the world wide web has become prone to hacking and scamming incidents, which has resulted in high levels of privacy invasions.

Encryption is a security feature that some modern devices implement and run, in addition to password protected applications. When sophisticated encryption renders devices “uncrackable” because of the length of time in which it will take to crack the password via brute force attack . Encryption strengths are rated based on how long the data will be kept safely. Secure Electronic commerce transaction, the bank and relevant personal data being transmitted is no longer usable in a short period of time. A 128-bit encryption key is a sequence of 128 bits. 128-bit encryption would take a longer to crack than the personal data is usable so its considered secure for those transactions. For top secret data a higher level of encryption is needed, 256-bit AES encryption. This is because Top secret data is important for longer. Without knowing the privacy implications, users are increasingly accessing information via sources that are not encrypted. There are specifically 5 different types of data which should be encrypted, (1) Financial Data, (2) Personal Health Data, (3) Private individual data, (4) Military and government Data, and (5) Personal Health Data.

  • Financial data: Financial data is important to both individuals and business to keep secure. This data includes credit card numbers, bank account numbers and financial statements, and most importantly for public companies financial reports.
  • Personal health data: Individuals typically believe health records to be extremely sensitive. Health data includes health insurance records, medical records, and personal information related to specific patients of a hospital. Hospital and doctors offices general have social security numbers, addresses, and other private data on their patients.
  • Private individual data: Personal data includes anything an individual would not want to share with the world like Social security numbers, addresses, and phone numbers.
  • Military and government data: The Federal Government, Military departments and State Governments should take great strides to keep their sensitive data confidential.
  • Confidential/sensitive business data: Confidential/sensitive business data is any data a individual or company wishes to be kept secret.

Therefore, users should consider consulting with recipients as to the transmission of highly sensitive information to insure the protection of recipients data on cloud servers from inadvertent disclosure by using encryption.

Also, The Electronic Communications Privacy Act of 1986 fails to provide any additional legal security to electronic communications that are stored on private cloud networks. The Electronics Communication Act’s original intention was to increase the strength of the existing constitutional privacy protections in accordance with the private electronic communications. It becomes a crime to procure or intercept electronic communications unless when allowed by the law or as an exception to ECPA. Basically, it specifies law enforcement access to electronic communication and related data, offering privacy protection to all subscribers of the current wireless and internet technologies. In this case, “third parties” is a term used to refer to private citizens as well as government actors. To offer maximum protection, the Act protects electronic communications that are either in temporary storage for successful transmission or is in transit.

Therefore, adopters of private networks should encrypt their data and hire a competent professional to set up their cloud network because a misconfigured network could lead to the network leaking sensitive data such as credit card numbers or nude photos.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s