Adopting encryption to protect confidential data in public clouds: A review of solutions, implementation challenges and alternatives

Abstract

A shift towards use of public cloud services is ongoing and more and more enterprises will start to use them in the near future. As public cloud services certainly promise to deliver many benefits, this new way of delivering services also introduces new types of risks. Due to the NSA’s surveillance programs, non-US enterprises need to reassess the risks of public cloud services provided by US companies and look for available solutions to protect their confidential data transferred and stored in the cloud. Encryption is seen as a solution to help enterprises full fill the requirements related to security and privacy, but is often challenging to implement. Encryption has its own security problems, like key management. Some cloud service providers have also announced that they are improving their security by encrypting all communications and other information flowing into their data centers. This paper will explore the common encryption solutions available on the market for enterprises to protect their confidential data transferred and stored in the cloud. In this paper we will review possible challenges enterprises may face while implementing these solutions and if these challenges play a role in the decision to use a public service. We will review also alternatives for data encryption.