I got a few questions like the ones below that I’d like to address to avoid further confusion.
How exactly secure is ClouSE for MySQL, the first secure database in the cloud? Am I protected against standard application level security attacks or even accidental admin mistakes?
With the help of ClouSE I get instantaneous backup for my database on the highly durable cloud storage. But how would I protect my data in case a malicious attack or an accident did occur?
I’ve got a comment pointing out that data encryption on the storage level doesn’t protect from SQL injections. Of course, data encryption does not protect from SQL injections (as long as there is SQL involved, there will be a risk of a SQL injection). Neither does it protect from the infinite number of attack vectors that can happen at any layer of the application stack: PHP, Apache, MySQL, Linux, application code, application users, etc.
Want to learn how you can store your sensitive data in the cloud storage? Take a look at the thorough and honest security analysis of the approach you can take to deploy your existing MySQL workloads to cloud.
keep reading in August issue of Hackin9 security magazine.
I think that the data confidentiality concerns are very real. Cloud security is getting better every week as cloud providers are putting more layers of protection to increase data safety in the cloud. Unfortunately, layers of protections are less effective when it comes to data confidentiality. That math simply works against it: to compromise data safety each layer of protection must be compromised; to compromise data confidentiality it’s enough to compromise just the weakest one to leak the data (thus adding more layers doesn’t necessarily increase data confidentiality and may in fact decrease it).
The only technical solution to data confidentiality is to encrypt the data before it gets to the cloud to make sure that only you and / or the people that you personally know and trust have access to the key (I’m sure those guys in the cloud datacenter are nice guys, but I’m just not ready to share all my information with them, sorry).
There are solutions available today that provide solutions to data confidentiality by using encryption. If you want to use the cloud as a file share, Nasuni may be a good solution. If you want to use the cloud as MySQL database, OblakSoft ClouSE may be a good solution. Such solutions help to adopt the cloud one-step-at-a-time and see what it’s like.