‘Sealed’ data: Achieving privacy and governance in the cloud
Tue 10 Nov 2015
Before his keynote address at Cloud Expo Europe, Frankfurt, The Stack spoke with Dr. Hans-Joachim Popp, CIO of the German Aerospace Centre (DLR), who proposes newly developed ‘sealed’ cloud technologies as the answer to an effective data protection strategy.
“Many thinkers predict the extinction of privacy in the digital age,” says industry veteran Dr. Popp, who contends that our digital future will demand greater protection of personal information stored and processed in the cloud.
Current data protection practices, Popp explains, largely involve controlling the amount of data and its format when it is recorded. However, he suggests that once that data has been stored, the control over how it is used and managed becomes “less than marginal.”
According to Popp, “there is virtually no protection in place against unwanted use of information in any common database system.” He argues that many users, administrators, data processing personnel and even end users seemingly accept this lack of security. Popp refers to many organisations in the “cloud space” that do not attach enough importance to data privacy – an oversight which can lead to misuse and harmful public scandals. At the other end of the spectrum, he adds that “obsessive preoccupation with data protection can often inhibit companies from achieving beneficial deployment use cases.”
Popp proposes a ‘sealed’ strategy to balance the growth of big data and the need to implement tighter data protection. Sealing is a patented technology, developed as part of the Trusted Cloud Initiative, which stores data in ‘sealed’ data centre infrastructure. The information is encrypted and placed in a detailed access control system, which only makes data available from memory to an authorised individual if enforced policies are complied with. This demands consistent adherence to data protection requirements, such as those requiring that the data be accessed anonymously, or only for a certain amount of time before being destroyed.
In a ‘sealed’ environment, rules are programmed to a dataset and cannot be altered in retrospect. “The technology cannot be circumvented for data recorded under a different policy. Policy and regulation can change, but these alterations only apply to future data elements – meaning that the technology can be used for managing extremely sensitive data,” explains Popp.
Rather than simply preventing data leaks during capture, employing ‘sealed’ technologies allows for controlled data protection during processing and analytics too. Popp says that this discipline enables applications to benefit from huge data input, without taking away usage control from the originator.
“Only a small fraction of big data analytics’ future potential is actually being achieved. As an increasing amount of misuse cases become known to the public and their negative consequences are seen by everyday users, trust in cloud providers who handle serious data loads will falter,” says Popp. “Using technologies that prevent misuse is therefore an important step against this negative trend.”
Looking at the technology available now, Popp suggests we will see a growth in encrypted tunnels for peer-to-peer data transfer on the one hand, and a widespread use of public clouds for freely accessible data on the other. “As data is becoming more valuable, the control of access will become crucial and ‘sealed’ technologies are a way to enable this,” he continues.
“‘Sealed’ infrastructure can mandate an end-point for the transfer of any single data element, restricting usage to exactly the purpose agreed upon.” Providing a mobile number to a taxi company for example: “You want them to use your information just to fulfill the job and ‘forget’ it immediately after you reach your destination.”
Popp concludes that as long as data usage regulation remains as weak as it is today, the only way to safely migrate datasets to a cloud application is to have that environment under direct control – “this does not mean having the storage in-house, but companies must have full auditing control over data processing.”
He recommends that SMEs considering protection options should use encryption services within their trusted professional community. He adds that businesses should also look for providers that are under the same governmental control and that take special care over privacy issues.