Security and trust are still major obstacles for companies that want to use the cloud. With today's tools and concepts, businesses can certainly reach a reasonable level of data and process security (see 5 Steps for Protecting Cloud Data Security). But what will cloud security look like in the future? Researchers are already preparing the next wave of security techniques. The main theme of this research is trust: how today's trust issues with cloud computing and online business networks can be translated into enforcement technologies that guarantee desired levels of security. Encryption will play a central role, of course, but it will be integrated much more tightly into business processes than it is today. Three examples of enforcement technologies show what future security architectures and mechanisms could look like.

Queries on Encrypted Databases

Usually, data encryption works like putting a letter into a sealed envelope: the data is safe, but it cannot be used unless you take it out of the envelope. This property leads to a problem when outsourcing databases: if you do not trust the cloud provider, your database needs to be encrypted. This is fine for small data sets, since you can simply load the data into local memory or onto local disk, decrypt it, and use it. It is not practical for larger databases, since the data transfers would take too long, and performing searches on an encrypted database is not possible, at least with traditional techniques. This is where security research changes the game: search on encrypted data does work. It is complex, but promising.

Computer scientists have developed algorithms that encrypt data and transform queries in such a way that searches can be executed without decrypting any data. The results are still encrypted, but can be decrypted on the client's side. Database administrators can access neither the data nor the query results. Researchers have developed different encryption schemes with specific properties (randomized, deterministic, order-preserving, homomorphic, etc.) to support different types of queries at the highest level of security that still allows the query. Each scheme trades some leakage for functionality: deterministic encryption lets the server evaluate equality predicates but reveals which rows share a value, and order-preserving encryption lets it evaluate range predicates but reveals the order of the plaintexts. SAP researchers are working on prototypes for SAP's in-memory database SAP HANA to enable a secure database-as-a-service, selecting encryption schemes and algorithms that balance security and performance.
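The following Python example, added here and not taken from the SAP prototypes or any product, illustrates the division of labour the paragraph describes: the client holds the keys and encrypts each column with the scheme matching the queries it must support, while the server evaluates equality and range predicates on ciphertexts alone. The keys, the sample table, the HMAC-based stream cipher and the toy order-preserving map are all constructed for the demonstration; the OPE in particular is a deliberately simple keyed monotone map that shows the order leakage, not a secure construction.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed demo keys; a real deployment derives one key per column.
KEY_RND = b"\x01" * 32
KEY_DET = b"\x02" * 32
KEY_OPE = b"\x03" * 32
OPE_MAX = 500          # OPE plaintext domain 0..500 (salary in thousands, constructed)
_ope_tables = {}


def _keystream(key, iv, n):
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (demo only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_rnd(key, pt):
    """Randomized: fresh IV per call, so equal plaintexts look unrelated. No server-side ops."""
    iv = os.urandom(16)
    return iv + _xor(pt, _keystream(key, iv, len(pt)))


def encrypt_det(key, pt):
    """Deterministic (synthetic IV): the IV is a PRF of the plaintext, so equal plaintexts
    give equal ciphertexts and the server can evaluate WHERE col = ? on ciphertexts."""
    k_iv = hmac.new(key, b"iv", hashlib.sha256).digest()
    iv = hmac.new(k_iv, pt, hashlib.sha256).digest()[:16]
    return iv + _xor(pt, _keystream(key, iv, len(pt)))


def decrypt(key, ct):
    """Works for both modes: the IV travels with the ciphertext."""
    iv, body = ct[:16], ct[16:]
    return _xor(body, _keystream(key, iv, len(body)))


def encrypt_ope(key, x):
    """Toy order-preserving encryption: a keyed, strictly increasing map built from
    pseudorandom gaps. Preserves < and >, so the server can evaluate range predicates,
    and leaks exactly the order of plaintexts. Illustration only, not a secure OPE."""
    if not 0 <= x <= OPE_MAX:
        raise ValueError("outside OPE domain")
    table = _ope_tables.get(key)
    if table is None:
        table, acc = [], 0
        for i in range(OPE_MAX + 1):
            gap = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()[:2]
            acc += 1 + int.from_bytes(gap, "big")   # gap >= 1 keeps the map strictly increasing
            table.append(acc)
        _ope_tables[key] = table
    return table[x]


# --- untrusted server: sees only ciphertexts, never a key ---------------------------
def server_equality(rows, col, token):
    return [r for r in rows if r[col] == token]


def server_range(rows, col, lo_ct, hi_ct):
    return [r for r in rows if lo_ct <= r[col] <= hi_ct]


def server_frequency_leak(rows, col):
    """What a curious DBA learns from a DET column without any key: the value histogram."""
    return sorted(Counter(r[col] for r in rows).values(), reverse=True)


# --- trusted client: holds the keys, encrypts rows and query constants ---------------
def encrypt_row(name, dept, salary_k):
    return {"name": encrypt_rnd(KEY_RND, name.encode()),      # never queried: RND
            "dept": encrypt_det(KEY_DET, dept.encode()),      # equality queries: DET
            "salary": encrypt_ope(KEY_OPE, salary_k)}         # range queries: OPE


def names_in_dept(rows, dept):
    hits = server_equality(rows, "dept", encrypt_det(KEY_DET, dept.encode()))
    return sorted(decrypt(KEY_RND, r["name"]).decode() for r in hits)


def names_with_salary_between(rows, lo_k, hi_k):
    hits = server_range(rows, "salary", encrypt_ope(KEY_OPE, lo_k), encrypt_ope(KEY_OPE, hi_k))
    return sorted(decrypt(KEY_RND, r["name"]).decode() for r in hits)


def sample_rows():
    """Constructed sample table (names, departments and salaries are made up)."""
    return [encrypt_row("alice", "eng", 120), encrypt_row("bob", "eng", 95),
            encrypt_row("carol", "sales", 70), encrypt_row("dave", "sales", 95)]


if __name__ == "__main__":
    rows = sample_rows()
    print(names_in_dept(rows, "eng"))                  # ['alice', 'bob']
    print(names_with_salary_between(rows, 90, 100))    # ['bob', 'dave']
    print(server_frequency_leak(rows, "dept"))         # [2, 2]
```

The server functions never touch a key, which is the property the paragraph is after; `server_frequency_leak` makes the cost visible, since the DET column tells the operator that the table contains two groups of two rows even though it cannot read either value.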

Multi-Party Secure Computing

Companies have always operated in networks, and close collaboration has led to more efficient benchmarking, supply chains, and service and maintenance processes, to name a few. The more data is shared, the better the optimization. But there is a challenge: companies are reluctant to share data, especially when it could give partners, suppliers or customers an unfair advantage (for example by revealing cost structures or utilization).

Back in the 1980s, researchers had already developed concepts for keeping input data secret in a multi-party optimization. The basic idea of privacy-preserving computing is to encrypt or secret-share the input data and perform all computations on the protected data in such a way that the results do not reveal any private input. These ideas can lead to a new dimension of collaborative supply chain efficiency, since they allow calculations to be performed on a cloud platform even when neither the cloud provider nor the participating entities can be trusted and no trusted third party is available. But the old concepts of privacy-preserving multi-party computing need improvements from both a theoretical and a practical point of view: they were available only for a small number of optimization problems, and they were too slow for the large data sets of real-world business problems.

Researchers at SAP are developing cryptographic schemes that are both secure and efficient and that scale to a large class of problems (see, for example, Jannik Dreier, Florian Kerschbaum: Practical Privacy-Preserving Multiparty Linear Programming Based on Problem Transformation, 3rd IEEE International Conference on Privacy, Security, Risk and Trust (PASSAT), 2011).
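To make the "compute on data nobody reveals" idea from the two preceding paragraphs concrete, here is an added Python example of the simplest multi-party building block, additive secret sharing over a prime field. It is not the problem-transformation technique of the cited paper, and it is not SAP code: each company splits its private figure into shares, every party combines the shares it holds with public weights, and only the final aggregate is ever reconstructed. The field prime, party names and inputs are constructed for the demonstration, and the protocol assumes honest-but-curious parties with private channels between them.

```python
import secrets

P = 2**61 - 1          # prime field; inputs are integers with |x| much smaller than P (constructed choice)


def share(x, n):
    """Split x into n additive shares mod P; any n-1 of them are uniformly random."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((x - sum(shares)) % P)
    return shares


def reconstruct(shares):
    return sum(shares) % P


def to_signed(v):
    """Map a field element back to a signed integer (inputs may be negative)."""
    return v - P if v > P // 2 else v


class Party:
    """One company. It only ever holds one share of each other party's input."""
    def __init__(self, name):
        self.name = name
        self.view = []          # everything this party receives, kept for inspection

    def receive(self, sender, s):
        self.view.append((sender, s))

    def combine(self, weights):
        """Local step: a public-weight linear combination of the shares it holds.
        Linear operations need no interaction, which is why sums and benchmarks are cheap."""
        return sum(weights[sender] * s for sender, s in self.view) % P


def secure_linear_combination(inputs, weights):
    """Compute sum_i weights[i] * inputs[i] without any party learning another input.
    inputs: {party_name: private int}; weights: {party_name: public int}.
    Returns the result and the parties, so a reader can inspect what each one saw."""
    names = list(inputs)
    parties = {nm: Party(nm) for nm in names}
    # Round 1: each owner shares its own secret, sending one share to every party
    # (including itself) over a private channel.
    for owner, x in inputs.items():
        for nm, s in zip(names, share(x, len(names))):
            parties[nm].receive(owner, s)
    # Round 2: each party publishes exactly one field element; nothing else leaves it.
    published = {nm: p.combine(weights) for nm, p in parties.items()}
    return to_signed(reconstruct(published.values())), parties


def secure_sum(inputs):
    """Benchmark-style aggregate: the total of all private inputs."""
    total, _ = secure_linear_combination(inputs, {nm: 1 for nm in inputs})
    return total


def secure_weighted_total(unit_costs, public_volumes):
    """Supply-chain-style aggregate: total cost where each supplier's unit cost is
    private but the ordered volumes are public to everyone."""
    total, _ = secure_linear_combination(unit_costs, public_volumes)
    return total


if __name__ == "__main__":
    costs = {"acme": 120, "bolt": 95, "cobb": 70}               # constructed private inputs
    print(secure_sum(costs))                                      # 285
    print(secure_weighted_total(costs, {"acme": 10, "bolt": 4, "cobb": 6}))   # 2000
    _, parties = secure_linear_combination(costs, {nm: 1 for nm in costs})
    print(parties["acme"].view)   # three uniformly random-looking shares, one per input
```

Shares are uniform in the field, so a party (or a cloud node acting as one of the parties) learns nothing from its view beyond the published aggregate; what the output itself reveals is a separate question, and with two participants the sum trivially exposes the other input. Anything non-linear, which is what the cited linear-programming work addresses, needs additional interaction or a different technique.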

Sticky Policies

The third promising research direction is usage control. Normally, IT systems control only access to data, not how the data is used afterwards. Nevertheless, there are obligations that restrict the behavior of the data processor, such as deleting data after a specified period, retaining it for a required time, or sending notifications after specific events. Today, data is no longer located in one place; it may move through several systems or be replicated. That is why researchers are working on techniques that attach policies about data usage and obligations directly to the data. This concept is called "sticky policies". Technically, these policies are executed by enforcement points that intercept data access and monitor events. This solution does not replace trust, but it can be implemented according to the trust assumptions made about cloud providers, applications, and users. For instance, if the cloud provider can be trusted and all data access goes through the cloud platform's persistence layer, obligations can be enforced by a policy-aware database connector. If in addition the application can be trusted (but not its users), the scope of enforcement can be extended to the application's local store. SAP has developed application prototypes for both scenarios (see also Towards an Architecture for Privacy Policy).
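As an added example for the first scenario above (trusted platform, enforcement at the persistence layer), the following Python sketches a policy-aware store connector. It is written for this page and is not one of the SAP prototypes: the policy schema (retention period, permitted purposes, events to notify on), the MAC that binds a policy to its payload so the stored bytes cannot be stripped of their obligations, and the sample customer record are all constructed assumptions. The clock is injectable so the retention obligation can be exercised without waiting.

```python
import hashlib
import hmac
import json


class Policy:
    """Usage obligations that travel with the data (hypothetical minimal schema)."""
    def __init__(self, retention_seconds, purposes, notify_on=()):
        self.retention_seconds = retention_seconds
        self.purposes = frozenset(purposes)      # purposes a reader may declare
        self.notify_on = frozenset(notify_on)    # events that trigger a notification

    def canonical(self):
        return json.dumps({"retention": self.retention_seconds,
                           "purposes": sorted(self.purposes),
                           "notify_on": sorted(self.notify_on)},
                          sort_keys=True, separators=(",", ":")).encode()


class StickyObject:
    """Payload, policy and creation time bound together by a MAC, so whoever holds
    the stored bytes cannot strip or relax the policy without detection."""
    def __init__(self, payload, policy, created_at, key):
        self.payload, self.policy, self.created_at = payload, policy, created_at
        self.tag = self._mac(key)

    def _mac(self, key):
        msg = self.created_at.to_bytes(8, "big") + self.policy.canonical() + b"|" + self.payload
        return hmac.new(key, msg, hashlib.sha256).digest()

    def verify(self, key):
        return hmac.compare_digest(self.tag, self._mac(key))


class PolicyAwareStore:
    """Enforcement point between the application and a plain key/value backend.
    Every access is intercepted and the obligations are checked before data is returned."""
    def __init__(self, mac_key, clock):
        self.mac_key = mac_key
        self.clock = clock              # callable returning seconds; injectable for tests
        self.backend = {}               # stands in for the platform's persistence layer
        self.events = []                # notifications emitted by the enforcement point

    def put(self, oid, payload, policy):
        self.backend[oid] = StickyObject(payload, policy, self.clock(), self.mac_key)

    def _notify(self, oid, event):
        self.events.append((self.clock(), oid, event))

    def _expired(self, oid, obj):
        if self.clock() - obj.created_at < obj.policy.retention_seconds:
            return False
        del self.backend[oid]                          # retention obligation: delete
        if "delete" in obj.policy.notify_on:
            self._notify(oid, "delete")
        return True

    def get(self, oid, purpose):
        """Returns (payload or None, decision)."""
        obj = self.backend.get(oid)
        if obj is None:
            return None, "absent"
        if not obj.verify(self.mac_key):               # policy or payload changed in storage
            self._notify(oid, "tamper")
            return None, "tampered"
        if self._expired(oid, obj):
            return None, "expired"
        if purpose not in obj.policy.purposes:         # purpose binding
            self._notify(oid, "denied:" + purpose)
            return None, "purpose-denied"
        if "read" in obj.policy.notify_on:             # notification obligation
            self._notify(oid, "read:" + purpose)
        return obj.payload, "ok"

    def sweep(self):
        """Periodic job: enforce deletion even if nobody asks for the object again.
        Returns the number of objects deleted."""
        return sum(self._expired(oid, obj) for oid, obj in list(self.backend.items()))


class FakeClock:
    def __init__(self, t=1_700_000_000):
        self.t = t

    def __call__(self):
        return self.t


def demo():
    """Constructed walk-through; returns the access decisions and the event log."""
    clock = FakeClock()
    store = PolicyAwareStore(b"\x07" * 32, clock)
    store.put("cust-42", b"alice@example.com", Policy(3600, ["billing"], ["read", "delete"]))
    decisions = [store.get("cust-42", "billing")[1], store.get("cust-42", "marketing")[1]]
    clock.t += 3600                                   # retention period elapses
    decisions.append(store.get("cust-42", "billing")[1])
    return decisions, store.events


if __name__ == "__main__":
    print(demo())   # (['ok', 'purpose-denied', 'expired'], [... read:billing, denied:marketing, delete])
```

The connector is only as strong as the trust assumption it encodes: once a trusted application reads the payload with an approved purpose, nothing here prevents that application from copying it elsewhere, which is exactly why the second scenario extends enforcement into the application's own store.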

All of the presented research areas help to overcome trust issues in the cloud. Each targets specific trust assumptions and application scenarios, but together they will cover more and more use cases in the future. Security is often seen as a non-functional requirement of software systems. With the research described here, that view will change: security is becoming an enabling technology that lets the cloud unfold its full potential. This will only happen if the protection needs of businesses and end users are respected, be it in retail, manufacturing or any other industry.
