Securing Data in the Cloud: Approaches & Importance

Instructor: Lyna Griffin

Lyna has tutored undergraduate Information Management Systems and Database Development. She has a Bachelor's degree in Electrical Engineering and a Master's degree in Information Technology.

In this lesson we will understand what it means to secure data in the Cloud. We will examine the security of data at rest and data in motion. We will look at how encryption is used in securing data at rest and the application of security protocols for securing data in motion. We will understand the different processes entailed in maintaining encryption keys and the importance of data transaction auditing.

What Is The Cloud?

The Cloud is storage space for data and programs that can be accessed over the internet and is not local to a computer's hard drive or a removable drive.

Securing Data On The Cloud

Data exists in two states: data at rest (referred to as data in storage) and data being processed or transmitted (referred to as data in motion). Either way, data must always be secure. Securing data in cloud computing involves the tools and techniques employed to secure data in either of these two states. Today, cloud storage serves data sharing applications as well as marketing, human resources, banking and finance, and other software applications.

Data Encryption (Securing Data at Rest)

Data at rest is normally stored within the application being used, in the service provider's data center. Security is achieved through a process called data encryption. Cloud encryption is a service provided by the storage provider in which data or information is encoded in a manner that prevents it from being read when stolen or intercepted. The data is transformed into cipher text (non-plain text) format. The encoding is achieved using mathematical algorithms. There are two encryption methods: symmetric (private key) and asymmetric (public key).

Symmetric key cryptography (symmetric encryption) involves using identical keys in the encryption and decryption processes. Asymmetric key cryptography (asymmetric encryption), on the other hand, makes use of a pair of keys. One is a secret key and the other is a public key. The public keys can be shared, but the private keys are kept secure. Both keys are linked to each other by a mathematical formula, making the pair of keys work together to achieve data integrity, confidentiality and authentication.

Security Protocols (Securing Data in Motion)

In this lesson we will look at three common protocols employed in cloud data security.

TLS (Transport Layer Security)

The Transport Layer Security (TLS) protocol has built-in components that allow cloud-based applications to communicate securely over the cloud. Control of the data is maintained in all data states. With TLS, a request sent to the Google cloud service, for example, is secured throughout the transmission process using the HTTPS protocol. A secure certificate from a public certificate authority is used. For example, when we access our Gmail accounts from the cloud, we are required to go through a login process. The login is done via a secure virtual server and the user is issued a unique digital certificate. The certificate identity includes the user's device specifications, IP address, MAC address, browser specifications and the resource being accessed. When the user logs in from a location not previously identified by the system, we often get a login alert email stating that someone tried to log in to your email from X IP address located in X country from X type of device. These identity parameters ensure the use of an authentic certificate, preventing malicious breaches by cloned systems.

Secure Shell Protocol

Secure Shell Protocol (SSH) is an encrypted protocol that enables clouds and network services to operate securely (in a shell) in an 'insecure' environment within service client frameworks. An SSH client connects to an SSH server. This is particularly useful in remote access situations. There are two types of SSH protocols: SSH1 and SSH2. Any network may receive encrypted data using SSH1, but SSH2 is very important in cloud computing. It provides secure communication even if the client is in an environment with direct exposure to threats.

Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) is designed to secure IP communications in the cloud. Communication sessions comprise different data packets, and IPSec ensures authentication and encryption for each transmitted packet. It also ensures authentication each time cryptographic key negotiations take place. IPSec provides security support for HTTP, IMAP and SMTP environments, which are important to cloud-based application functions.

Encryption Key Management

Encryption key management covers all tasks and activities involved in the protection, storage, backup and administration of encryption keys. Irrespective of the types of keys in use, they must be securely stored and protected. Keys that are stolen, lost or corrupted have huge organisational implications. These losses can result in the loss of access to critical systems and data, and can render a system unusable.

Encryption key management activities span the life cycle of the encrypted key, from creation through use, to retirement and deletion. As a general management rule, the more sensitive the data that is being secured, the shorter the life cycle of the encryption key. As such, highly sensitive data are secured by encryption keys with very short life spans.
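
The life cycle stages and the rule that more sensitive data gets a shorter key life can be enforced in code. The following is an added example, not part of the original lesson; the lifetimes, key names, state names and the `KeyRecord` class are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy (not from the lesson): maximum key age per sensitivity level.
# Only the ordering follows the lesson: more sensitive data, shorter key life.
MAX_KEY_AGE = {"high": timedelta(days=30), "medium": timedelta(days=90),
               "low": timedelta(days=365)}

# Life cycle stages named in the lesson, each with its only allowed next stage.
NEXT_STATE = {"created": "in_use", "in_use": "retired", "retired": "deleted"}


@dataclass
class KeyRecord:
    key_id: str
    sensitivity: str  # "high", "medium" or "low"
    created: date
    state: str = "created"

    def advance(self, new_state: str) -> None:
        """Move the key one stage forward; reject skipped or backward moves."""
        if NEXT_STATE.get(self.state) != new_state:
            raise ValueError(f"{self.key_id}: {self.state} -> {new_state} not allowed")
        self.state = new_state

    def expires(self) -> date:
        return self.created + MAX_KEY_AGE[self.sensitivity]


def keys_due_for_retirement(inventory, today):
    """Return ids of in-use keys that have outlived their allowed lifetime."""
    return sorted(k.key_id for k in inventory
                  if k.state == "in_use" and today >= k.expires())


def build_sample_inventory():
    # Constructed sample inventory: three keys created on the same day.
    keys = [
        KeyRecord("payroll-db", "high", date(2024, 1, 1)),
        KeyRecord("crm-db", "medium", date(2024, 1, 1)),
        KeyRecord("public-assets", "low", date(2024, 1, 1)),
    ]
    for k in keys:
        k.advance("in_use")
    return keys


if __name__ == "__main__":
    print(keys_due_for_retirement(build_sample_inventory(), date(2024, 2, 15)))
```

Running the check on a schedule shows which keys must be retired first; a key that has been retired no longer appears, and a key cannot jump straight from creation to deletion.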
