locked
Private data on a public cloud challenges and best practices RRS feed

  • Question

  • So far most of our clients (online retailers and banks) have been reticent of placing any parts of theirs applications to a public cloud, although this could be a very cost effective manner to deal with temporary demand upsurge (end of month, holidays etc.)

    We could place middle tier on a cloud so that no information is persisted in the cloud, or so that only non-sensitive data is stored there.

    What are the best practices in this case? Are there any regulations that I should be aware? What are the biggest threats?

    Friday, December 12, 2014 7:07 AM

Answers

  • The best solution is to use cryptography.

    You have the choice of public key cryptography: encrypt your data with a public key, put it "on ze cloud", then when you retrieve it, decrypt with your private key. Even better, if the data only transits through you, you can only have the public key and only your client has the private key.

    Or symmetric cryptography, in which case you need the key, which will help encrypt and decrypt.

    Symmetric cryptography algorithms are much faster, but if the scenario I mentioned above applies (ie, the client can have the private key), definitely go for it: you won't even be able to read the data without the client's consent.

    • Marked as answer by Wei Chiat Monday, December 15, 2014 12:13 AM
    Saturday, December 13, 2014 12:56 AM