by Pascal Bauler, Daniel Heinesch, Antoine Schlechter and Fernand Feltz
Cloud adoption is slowed down by a lack of confidence in the proposed cloud platforms. We first summarize the research activities on confidential and user-friendly data management for Cloud environments. Then we present Luxdrop, a solution that offers secure and transparent cloud solutions by combining security aspects with advanced tracing and visualization possibilities.
Despite the momentum of Cloud Computing and the predicted growth rate of this market segment, the domain faces controversial discussions and security issues. By moving IT solutions to the Cloud, geographical and organizational borders vanish. As a consequence, cloud customers have to precisely analyse their IT solutions and especially their data management in order to decide on the required levels of confidentiality. This analysis is even more complicated if the Cloud provider and customer are under different legislations. The complex legal context and the underlying security concerns are the major causes of the slowdown in cloud adoption. Research activities at the Centre de Recherche Public – Gabriel Lippmann address these concerns by designing a user-friendly management platform for confidential data in the Cloud.
A recent study by the Fraunhofer Institute [1] identifies three mandatory core features to manage data objects in the Cloud: Data sharing between multiple users, Data replication with online and offline access to the data, and automated versioning of the data. Recent customer communities and expert studies [2], [3] identify data related security concerns as a major concern in cloud adaption. In this context, the data objects can be classified into three different classes depending on their privacy and criticality:
- Private data, which are only accessible by the owner. The data are typically private information which should never be accessible by a third party
- Open data on the other hand are accessible by everyone and no privacy constraints are applicable
- Confidential data can be shared with well identified, trusted persons but are not designated for large scale distribution.
This classification is applicable to physical documents and objects in the same way as to digital data managed in a cloud-based data store. In a classical use case, private documents are mainly stored in a personal safe with access limited to the owner of the safe. Public documents are largely available and accessible to everyone typically within libraries or book stores. Confidential data are also stored in a safe but access to this safe is granted to selected individuals. However any access to this safe is properly managed, monitored and traced.
Independently of the above mentioned classification every data owner has to decide on the level of trust to place in the safe provider. In practice, the user has to decide whether or not to hand-over a duplicate key to the safe provider.
In the context of the LuxDrops research project, these different classes of data are mapped to cloud storage. The management of public data in cloud based environments is trivial and requires no further discussion. On the other hand the management of private and confidential data raises several questions which have to be addressed. As summarized in [1] the key concern is mainly user authentication. This concern can be partially addressed through strong passwords in the context of private data. However, a password based approach is not really secure when working with confidential data shared among trusted persons. Shared passwords can be easily leaked and security breaches cannot be easily identified and traced. As a consequence, specific issues have to be addressed when managing shared confidential data in the Cloud:
- Email based user authentication might not be sufficient to manage confidential data
- Legal requirements applicable to the cloud provider and customer have to be considered
- Access management, monitoring and tracing are only partially available and no appropriate visualisation tools are available to correctly manage the storage space and identify issues.
The LuxDrops platform implements the core features of a storage platform as mentioned by the Fraunhofer Institute. In contrast to existing solutions, the LuxDrops platform offers advanced sharing, replication and versioning features specially adapted to manage confidential data:
Reliable user authentication is guaranteed through LuxTrust certificates, which are heavily used by the Luxembourg banking industry. Other types of certificates can be easily integrated on request.
The storage platform can be deployed on-premise or in the context of local Cloud offerings. By locating cloud provider and customer in a same country, legal aspects are easier to handle.
Innovative visualization tools improve the traceability and transparency of the overall solution. Key visualization features are: an intuitive multi-dimensional search engine and a meta-data browser to visualize access rights. A first design of the meta-data browser shows the access rights at file/folder or at user/groups level and also provides statistical overviews.
Depending on the level of trust put in the cloud provider the customer can activate client side data encryption.
The LuxDrops solution aims to increase confidence in Cloud based storage solutions. A first version of the LuxDrops prototype will be made available during the second quarter of 2013 and will be evaluated by selected pilot customers.
References:
[1] M. Borgmann, et al: “On the Security of Cloud Storage Services”, Fraunhofer SIT – Technical Reports, 2012
[2] E. Sweeney: “Industry Recommendations To Vice President Neelie Kroes On The Orientation Of A European Cloud Computing Strategy”, 2011
[3] D. Bigo, G. Boulet, et al: “Fighting cyber crime and protecting privacy in the cloud”, European Parliament, Policy Department C: Citizens’ Rights and Constitutional Affairs, 2012.
Please contact:
Pascal Bauler, CRP – Gabriel Lippmann, Luxembourg
E-mail:
