PerspecSys: Removing a Key Security Barrier to Public Cloud Adoption
February 23, 2012
Several months ago, an IT trade publication (which will remain nameless) published an article whose title stated that public cloud security remains "mission impossible." The article itself was well reasoned and backed off from the title's hyperbolic assertion, but the damage had already been done. A more accurate title would have been something like "Public cloud security is mission possible, but proceed cautiously."
Why do I say this? Because cloud "security" (in quotes because it includes data control and data protection issues broadly defined) requires technology, administrative control and regulatory planning that addresses each issue in proportion to how much it matters to the enterprise. As an example of solving one very important issue, take PerspecSys, a vendor whose solution enables an enterprise to use an application running in a public cloud without also placing sensitive personally identifiable information (PII: information that can be used to identify an individual, including, but not limited to, full name, national identification number and credit card number) in that cloud.
Worldwide--most notably in the European Union, but also more and more in the United States and elsewhere--governments are preventing organizations from disseminating or storing PII improperly. Exactly what constitutes improper behavior is still evolving, but clearly one big restriction is the geographical constraint on where PII can be disseminated or stored. For example, even within the European Union, restrictions exist on transferring and storing PII across country borders--say, locating PII pertaining to German citizens in Italy or Greece.
This regulatory barrier has teeth: heavy fines for violations. An enterprise may therefore be prohibited from using a public cloud that stores data in a different country from the one in which the enterprise is located. That is a significant problem if, for sound business reasons, the enterprise wants to use a software-as-a-service (SaaS) provider such as Salesforce.com. No go.
PerspecSys removes this problem, enabling the enterprise to use Salesforce.com or other SaaS applications wherever the application happens to run, because the PII is stored in the enterprise's own approved geographical location (in its own or a third party's data center). The rest of the data the SaaS application uses can be stored in a public cloud without regard to geographical location.
How is this possible? PerspecSys provides software, which it calls the PRS (Privacy, Residency and Security) Server, that is installed on a standard Linux-based server in a data center where the enterprise can legally store PII. The PRS Server sits in the request path: a Salesforce.com user, for example, goes through it when creating a Salesforce.com record. Non-PII fields pass through to Salesforce.com untouched, in clear text, whereas the PRS Server replaces each PII field with a surrogate value from which the original PII cannot be reconstructed at the public cloud end.
There are two methods for producing that surrogate. The first is encryption. The encryption keys stay with the company in the country of origin, so the public cloud cannot decipher the PII. This is technically sound, and many governments accept it, but some jurisdictions remain unhappy with it because, in some sense, the PII (in encrypted form) has still been moved; only the keys, not the data, remain resident with the company. For those cases a second method, tokenization, which is entirely about the residency of the data, is a strong alternative.
Every piece of PII is replaced by a randomly generated value, the token. The token can be alphanumeric and is shaped to match what the application expects of the field, such as a national identification number, so the application's validation and processing still work. The real PII and its corresponding token are kept in an index table at the enterprise's chosen location; only the token is sent to the SaaS application. Salesforce.com or any other SaaS provider can then process the token to its heart's content, but no one at the cloud end (not even a government agency that seizes the data) can reconstruct the PII, for the simple reason that it does not exist there. Two caveats apply in practice: the token must be drawn at random rather than derived from the PII (a hash of a nine-digit identifier, for instance, can be reversed by brute force over the nine-digit space), and the index table is now the crown jewel, so its protection is the protection of the PII.
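To make the tokenization path concrete, here is an added Python example (my own illustration, not PerspecSys code, and not a description of how the PRS Server is implemented). It models a minimal gateway with an in-memory vault standing in for the index table: outbound records have their PII fields swapped for format-preserving random tokens, inbound records get the real values back. The field names, the PII list and the sample record are hypothetical.

```python
import secrets
import string

# Fields the (hypothetical) SaaS record schema treats as PII. Names are illustrative.
PII_FIELDS = {"full_name", "national_id", "card_number"}


class TokenVault:
    """In-memory stand-in for the index table that stays in the approved jurisdiction.

    A real deployment would back this with a database under the enterprise's
    control; the mapping is the only place the real PII exists.
    """

    MAX_ATTEMPTS = 1000  # guard against exhausting a tiny token space (e.g. one-digit fields)

    def __init__(self):
        self._token_to_value = {}   # token -> (field, real value)
        self._value_to_token = {}   # (field, real value) -> token

    @staticmethod
    def _format_preserving_candidate(value):
        """Random value with the same length and character classes as the input.

        Digits stay digits, letters stay letters (case kept), separators are kept,
        so the SaaS application's field validation (length, numeric-only, ...) passes.
        """
        if not any(ch.isalnum() for ch in value):
            # Nothing to randomise in place; emit random alphanumerics of equal length.
            alphabet = string.ascii_letters + string.digits
            return "".join(secrets.choice(alphabet) for _ in value)
        out = []
        for ch in value:
            if ch.isdigit():
                out.append(secrets.choice(string.digits))
            elif ch.isalpha():
                pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
                out.append(secrets.choice(pool))
            else:
                out.append(ch)
        return "".join(out)

    def tokenize(self, field, value):
        """Return the token for (field, value), minting a fresh random one on first sight."""
        if value == "":
            return ""
        key = (field, value)
        if key in self._value_to_token:
            # Same PII -> same token, so equality lookups on the SaaS side keep working.
            return self._value_to_token[key]
        for _ in range(self.MAX_ATTEMPTS):
            token = self._format_preserving_candidate(value)
            # Never reuse a token, and never let a token accidentally equal the real PII.
            if token not in self._token_to_value and token != value:
                self._token_to_value[token] = key
                self._value_to_token[key] = token
                return token
        raise RuntimeError(f"token space exhausted for field {field!r}")

    def detokenize(self, field, token):
        """Map a token back to the real value; tokens unknown to this vault pass through unchanged."""
        if token == "":
            return ""
        entry = self._token_to_value.get(token)
        if entry is None or entry[0] != field:
            return token
        return entry[1]


def outbound(vault, record):
    """Gateway direction enterprise -> cloud: PII fields become tokens, everything else passes."""
    return {k: (vault.tokenize(k, v) if k in PII_FIELDS else v) for k, v in record.items()}


def inbound(vault, record):
    """Gateway direction cloud -> enterprise: restore real PII from the vault."""
    return {k: (vault.detokenize(k, v) if k in PII_FIELDS else v) for k, v in record.items()}


if __name__ == "__main__":
    # Constructed sample record; values are made up.
    vault = TokenVault()
    record = {
        "full_name": "Anna Schmidt",
        "national_id": "123-45-6789",
        "card_number": "4111111111111111",
        "opportunity": "Q2 renewal",
        "amount": 25000,
    }
    sent_to_cloud = outbound(vault, record)
    print("stored in the SaaS application:", sent_to_cloud)
    print("restored on the way back:      ", inbound(vault, sent_to_cloud))
```

Two design points worth noticing. Tokens are random and only the vault can invert them, so a seized copy of the cloud data yields the shape of each field and nothing else. Mapping the same value to the same token is a deliberate trade-off: it keeps equality searches and de-duplication in the SaaS application working, but it also lets the cloud side see that two records share a value, which is a (weak) form of linkability you would give up by minting a new token per record.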