Feb 17, 2015

Cloud computing: What is client-side encryption?

What is client-side encryption when it's mentioned in the same breath as cloud computing, and what kind of security does it offer?
There are three issues when it comes to this: first is whether your data is encrypted at the originating point, how it is transported over the Internet, and whether it is encrypted at the destination. In the days of yore pre-cloud, you owned all your network infrastructure and could ensure that all your data that needed to be protected with encryption could pass through your company-owned equipment.

With the cloud though, you have two new wrinkles. First, over the big bad Internet, there are lots of bad actors that can tap into your data transfer and so it is important to keep the data encrypted during transit. And second, once your data gets to the cloud, it should stay encrypted because you are keeping it on Somebody Else's Servers.

So client-side encryption makes sure that these things happen, and you are somewhat protected.

Of course, all the encryption in the world isn't going to help if someone can grab your computer BEFORE it encrypts your data -- this is what happened to the owner of Silk Road, who was sitting in a public library with his laptop open when the cops came in. That is how they found out his identity. But that will be another story for another day....

"Client-side encryption is the cryptographic technique of encrypting data before it is transmitted to a server in a computer network. Usually, encryption is performed with a key that is not known to the server. Consequently, the service provider is unable to decrypt the hosted data. In order to access the data, it must always be decrypted by the client. Client-side encryption allows for the creation of zero-knowledge applications whose providers cannot access the data its users have stored, thus offering a high level of privacy."
Answer this