Data-at-rest encryption in the cloud is a powerful technology with a downside: with present state-of-the-art solutions, protecting data in the cloud ultimately always remains a trade-off between confidentiality and availability of data. Although there are application- and data-specific exceptions, computers can currently only process data that is not encrypted. Parts of the confidential data must always be in cleartext in RAM, even the necessary encryption keys!
Until first April 2014 most decision makers and IT specialists had probably believed that this was a purely theoretical security gap. After Heartbleed it finally became clear to everyone that cleartext in RAM has “unpleasant” consequences if an attacker can gain access to it. But all is not lost. My new research note “Enabling High-Risk Services in the Public Cloud With IaaS Encryption” tells you what useful things data-at-rest encryption in the cloud can do for you, and guides you in picking the sweet spot for your data in the cloud by selecting the encryption key management strategy.
P.S. Access requires a Gartner GTP subscription.