
Securing Your Data in the Cloud: Key Management Hell


When you start migrating to the cloud, you'll invariably find that you need to encrypt some or all of the data you store there. Apart from the performance hit, this seems easy. Right?

Except for this: How are you going to manage keys used to encrypt and decrypt? Because your data and your business logic (app servers) are no longer in your control, you can't just leave your keys on your app server (EC2) instances. If a hacker compromises those data keys then they can access your data. The same is true in normal in-house environments, but at least you can trust the folks who run your data center -- or at least, you can fire them or pursue them legally. If an AWS person in Tokyo goes rogue, for example, then what is your recourse?

So your data encryption keys themselves need to be encrypted. Okay, no big deal. But now where do you store the "master" keys to decrypt the data keys? And so on. Maybe you store the master keys in your non-cloud environment and call out from EC2 to get them, but now you could be subject to another type of attack. So far I haven't heard a good architectural solution, barring something like human-based two-factor authentication required when starting up an EC2 instance. But then your auto-scaling is hosed.
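The key hierarchy described above (a per-payload data key, itself encrypted under a master key that never lives on the app server) as an added Go example; this is not code from the original post. The `masterKey` argument is a stand-in for a key that a separate KMS or HSM would hold and use on the app's behalf, and the 32-byte AES-GCM keys and 12-byte nonces are this example's own choices.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Envelope is all the app server persists: payload under a one-off data key, plus that key wrapped under the master key.
type Envelope struct{ WrappedKey, Ciphertext []byte }
// must turns programming errors (bad key length, dead entropy source) into panics.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// aead returns AES-256-GCM for a 32-byte key; its nonce is the standard 12 bytes.
func aead(key []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
// seal encrypts under key, prepending the fresh random nonce to the output.
func seal(key, plaintext []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return aead(key).Seal(nonce, nonce, plaintext, nil)
}
// open reverses seal; tampered input fails the GCM authentication tag.
func open(key, sealed []byte) ([]byte, error) {
	if len(sealed) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return aead(key).Open(nil, sealed[:12], sealed[12:], nil)
}
// Encrypt: fresh data key -> encrypt payload under it -> wrap the data key under masterKey
// -> zero the plaintext data key. masterKey stands in for a key that a separate KMS/HSM
// holds and never releases; in production the wrap and unwrap are calls to that service.
func Encrypt(masterKey, plaintext []byte) Envelope {
	dataKey := make([]byte, 32)
	must(rand.Read(dataKey))
	env := Envelope{WrappedKey: seal(masterKey, dataKey), Ciphertext: seal(dataKey, plaintext)}
	for i := range dataKey {
		dataKey[i] = 0 // only the wrapped copy may outlive this call
	}
	return env
}
// Decrypt unwraps the data key (the KMS call in production), then decrypts the payload.
func Decrypt(masterKey []byte, env Envelope) ([]byte, error) {
	dataKey, err := open(masterKey, env.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(dataKey, env.Ciphertext)
}
```

An attacker who copies the stored Envelope off an instance holds only a wrapped key and ciphertext; without a successful unwrap at the KMS (which is where access control and audit logging belong) neither is usable.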

Anyone have any ideas or see any workable solutions?
