Feature
Bring your own encryption: balancing security with practicality
Section snippets
Untrustworthy instincts
The second lesson still being learned is never to fully trust to instinct in security matters. It is instinctive to obey instructions that appear to come from an authoritative source, or to respond in an open, friendly manner to a friendly approach – and those are just the sort of instincts that are exploited by IT scams. Instincts can open us to attack, and they can also evoke inappropriate caution.
In the first years of major cloud uptake there was the oft-repeated advice to businesses that
BYOK
Hot on the heels of the emergence of Bring Your Own Device (BYOD) in the workplace comes another acronym – Bring Your Own Key (BYOK).
The idea of encryption is as old as the concept of written language: if a message might fall into enemy hands, then it is important to ensure that they will not be able to read it. We have recently been told that US forces used Native American communicators in World War 2 because the chances of anyone in Japan understanding their language were near zero.[1] More
BYOE
BYOK makes the best of the cloud provider's encryption offering, by giving the customer ultimate control over its key. But is the customer happy with the encryption provided?
Bearing in mind that balance between security and efficiency, you might prefer a higher level of encryption than that used by the cloud provider's security system, or you might find the encryption mechanism is adding latency or inconvenience and would rather opt for greater nimbleness at the cost of lighter encryption. In
The call for standards
So what is needed for BYOE to become a practical solution is a global, standard cloud security platform with which any encryption offering can be registered for support. The customer chooses a cloud offering for its services and for its certified ‘XYZ standard’ security platform, then the customer goes shopping for an ‘XYZ certified’ encryption system that matches its particular balance between security and practicality.
Just as in the BYOD revolution, this decision need not be made
References (2)
‘Code talker’. Wikipedia
Microsoft Azure, home page
About the author
Dr Hongwen Zhang is president and CEO of Wedge Networks, which he co-founded in 2005. He was instrumental in developing the high-performance architecture that provides the basis behind Wedge's security appliance, the BeSecure Web Gateway. Wedge Networks has been chosen by The CloudEthernet Forum to help lead its new Cloud Security initiative and Zhang is chair of the CEF's Security Working Group. He holds a PhD in computer science from the University of Calgary, an MSc in computer engineering from the Institute of Computer Technology – Chinese Academy of Sciences (Beijing, PRC), and a Bachelor of Science in computer science from Fudan University (Shanghai, PRC). Zhang is a co-inventor and holder of several patents in the area of computing and networking. Prior to establishing Wedge Networks, he was a co-founder of the 24C Group, which pioneered the first digital receipts infrastructure for secure electronic commerce.