
Enhanced trust and data integrity in the public cloud

IT Best Practices Alert By Linda and Brian Musthaler, Essential Solutions, Network World
December 03, 2010 01:15 PM ET

Can you trust the integrity of applications and data in the public cloud? Certainly trust is a crucial factor for the successful use of cloud computing by any organization. If you are going to allow another entity to process and/or store your data, you need to know whether or not someone has intentionally or accidentally compromised that data in any way.

Unfortunately, security breaches from both internal and external threats can happen at multiple levels of technology and in any computing environment. Many breaches go undetected as cyber criminals erase their digital tracks, or go unreported as administrators cover up their accidents and misbehavior. As a result, your data and applications can be changed or compromised, and you may never know it.

Now there is a new solution that builds keyless signatures into the public cloud infrastructure to provide enhanced trust and integrity. The solution is jointly delivered by data integrity provider GuardTime and cloud computing provider Joyent. The companies’ partnership enables enterprises to safeguard their most valuable assets in the cloud: code, logs and data. The solution delivers completely auditable and forensic quality logs and proof of data integrity for stored or archived data. In addition, it can prevent unauthorized applications from running.

In the joint solution, GuardTime brings the digital signature technology to the table. GuardTime maintains and operates a global infrastructure similar to DNS: hierarchical and distributed, with multiple nodes around the world. The lowest level of the GuardTime infrastructure is a GuardTime Gateway, which operates on a virtual machine. This means that any data in the cloud can go through a GuardTime Gateway, and the gateway can electronically sign the data in the cloud with a keyless signature.

The signature proves three things: the time that the data was signed; that the data has not been changed or tampered with since the time it was signed; and what entity or process signed the data. Most important is that the process does not use cryptographic keys and that the signature is based solely on mathematical hashing algorithms. Therefore, there is no need to trust a third party to manage your keys and no fear of having a third party surreptitiously compromise those keys.

As a hosting provider, Joyent offers customers the use of SmartMachines—virtual private servers that are optimized for software applications. For this particular solution, Joyent provisions a SmartMachine to host an application such as email, backup, e-commerce, and so on. This SmartMachine is GuardTime “signature ready,” where any data, log, or code on the SmartMachine can be signed to provide data integrity.

Each of the signatures for these items is stored with the SmartMachine, either alongside the data or within the data sets. The signatures can be automatically verified via a user interface provisioned by Joyent or via the Integrity Code published in the Financial Times, and the signatures can be mathematically proven to be accurate, thereby proving the data, logs or code have not been changed or tampered with.
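As an added illustration (not GuardTime or Joyent code, and not their actual signature format), the sketch below shows one way a signature can rest on hashing alone: records are aggregated into a hash tree, and each record's signature is the chain of sibling hashes linking it to a root value that is published widely, in the role the article gives the Integrity Code. The function names, the choice of SHA-256 and the sample log records are assumptions made for the example.

```python
import hashlib

# Constructed sample log records (illustrative only).
RECORDS = [
    b"2010-12-03T13:15:01Z sshd: accepted login for alice",
    b"2010-12-03T13:15:02Z backup: archive 0042 written",
    b"2010-12-03T13:15:03Z mail: message queued",
    b"2010-12-03T13:15:04Z shop: order 1001 paid",
    b"2010-12-03T13:15:05Z sshd: session closed for alice",
]

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf(record: bytes) -> bytes:
    return h(b"\x00" + record)        # prefix separates leaves from inner nodes

def build_levels(leaves):
    """Return every tree level, from the leaf hashes up to the single root."""
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [h(b"\x01" + cur[i] + cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:              # odd node out is promoted unchanged
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def sign(records, index):
    """Return (root, chain): the sibling hashes linking records[index] to the root."""
    levels = build_levels([leaf(r) for r in records])
    chain = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):      # a promoted node has no sibling at this level
            chain.append(("L" if sibling < index else "R", level[sibling]))
        index //= 2
    return levels[-1][0], chain

def verify(record, chain, published_root):
    """Recompute the path from the record; any change to the record breaks it."""
    node = leaf(record)
    for side, sibling in chain:
        node = h(b"\x01" + (sibling + node if side == "L" else node + sibling))
    return node == published_root
```

Verification needs only the record, its hash chain and the published root, so there is no secret key for a third party to hold or leak.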

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
