Monday 23 July 2007, 12:05 PM
Trusting a supplier with your confidential data
During the Postini takeover discussion, many of the community members do not seem to trust a supplier to keep their confidential data secure. For example, using a hosted email service would fail the test, since confidential business communications are sent using such a service.
I wonder what proportion of businesses routinely require all external email to be sent only via encrypted emails? Not many - due to a lack of standard technologies.
I also wonder how many hosted application providers commit to storing only encrypted data. Is it beyond the realm of possibility for a supplier to allow only encrypted communications between the customer and their infrastructure? HTTPS is a reasonably robust and secure mechanism for the transmission of data. But if suppliers were to add to that encryption of all data *stored* in their data centre, then where is the issue? The data stored can only be accessed by the customer, because only they can transmit the keys that are used to decrypt it, manipulate it and re-encrypt it ready for transmission back to the customer.
The confidential data stored by the supplier is only ever held in plain text format in the memory of applications which are acting on it. These applications can only do that when the customer is explicitly connected and has authenticated and provided the keys that allow the data to be decrypted for processing.
Therefore, no amount of stealing laptops, servers, backup tapes, etc. from the supplier, or of hacking into their data centre, will give you access to the confidential data they are storing on behalf of their customers.
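As an added illustration (not code from the post), here is a minimal model of that arrangement: the supplier persists only sealed records, a customer-supplied session key is used in memory for the duration of one processing call, and a backup snapshot is checked for plaintext. The cipher is a standard-library stand-in (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag) chosen only so the example runs offline; all names and the sample secret are constructed here.

```python
"""Customer-held-key model for a hosted service (added illustration). The cipher is a
stdlib stand-in; a real deployment would use a vetted AEAD such as AES-GCM."""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out, ctr = b"", 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate; output is nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    body = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or altered record is rejected."""
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(_subkey(key, b"enc"), nonce, body)

class HostedService:
    """Supplier side: persists ciphertext only and never persists a customer key."""
    def __init__(self) -> None:
        self._store: dict = {}
    def put(self, record_id: str, blob: bytes) -> None:
        self._store[record_id] = blob   # the customer sealed it before upload
    def process(self, record_id: str, session_key: bytes, transform) -> None:
        # The only place plaintext exists: in memory, during an authenticated session.
        plaintext = unseal(session_key, self._store[record_id])
        self._store[record_id] = seal(session_key, transform(plaintext))
    def backup_snapshot(self) -> dict:
        return dict(self._store)   # what a stolen tape or server would hold

def leaks(snapshot: dict, secret: bytes) -> bool:
    """True if any stored record contains the secret in the clear."""
    return any(secret in blob for blob in snapshot.values())
```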
What am I missing?