Moving data and processes into the cloud has proven incredibly advantageous for many companies’ operations, unless the cloud proves not to be safe. Having a safe and secure cloud is especially important for companies entrusted by their customers to hold large amounts of very sensitive information.
To this end, Microsoft researchers have created a new technology that adds an extra layer of security in the cloud for such companies. It is called Verifiable Confidential Cloud Computing, or VC3. The main idea is to keep data encrypted as much as possible while it is in the cloud. VC3 does this by storing encrypted data in a virtual lockbox that can only be accessed with secure hardware managed by VC3.
Microsoft explains on its blog how it would work with this example:
“Let’s say a financial services company wants to access a number of clients’ personal financial records to make a complex series of calculations in the cloud… To make the calculations, the client’s data is loaded into the secure hardware in the cloud, where the data is decrypted, processed and re-encrypted.
No one else – including the people who work at the company running the cloud-based service – can see or access the data. That ensures that the data is secure even if the provider has a bad actor in its own ranks, or if someone else has managed to gain access to the provider’s system.
It also guarantees that no one else could get in and manipulate the results of the calculations, saving the company and its clients from any possibility of financial damage.”
Microsoft researchers announced VC3 on Monday at the Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy in San Jose, California.
In addition to the VC3 announcement, Microsoft researchers are making a number of other papers available today. They include research on Transport Layer Security, verifiable computation, privacy concerns in 3D web browsing, and other security issues.