Cloud Collaboration: Maintaining Zero Knowledge across International Boundaries
Blog Article Published: 11/20/2013
The increasingly global nature of business requires companies to collaborate more and more across borders, exchanging all manner of documents: contracts, engineering documents and other intellectual property, customer lists, marketing programs and materials, and so on. Unfortunately, the combination of recent NSA revelations and new European regulations is likely to make the challenge of securing business data even more difficult than it already is. It is therefore likely that new approaches will be needed that more easily allow trust across borders for confidential document exchange.

Evolving Regulatory Environments

Data shared across national boundaries may be subject to multiple legal frameworks, depending on the nature of the information. The regulatory environment in the European Union is evolving significantly, with countries working to update their laws and regulations to protect citizens’ electronic data, even when it is held outside the EU. This includes almost everything a person might post to the Internet, including photos, blogs and so on. The concern is that the EU will strengthen their regulations to a level that will be extremely difficult and expensive for companies to comply with. There is currently an agreement with the EU (“Safe Harbor”) that US companies can voluntarily participate in if they are holding EU citizens’ data. That agreement could be replaced by much more stringent requirements, though they will not take effect before 2016. US companies are required to implement a number of protections for citizen data under the EU agreement, and there is no provision that allows them to release personal data to the government. All of these developments were in play before the Edward Snowden revelations took place. Since then, European attitudes on data privacy have hardened even further. In the meantime, attitudes in the rest of the world towards US-based service providers have also soured.
To make matters worse, the Snowden information leaks not only exposed “NSA snooping”, they also raised suspicions that some vendor equipment and standardized algorithms may have been compromised with backdoors or weaknesses.

New Reality is Impacting Cloud Sharing

Meanwhile, organizations are seeking to leverage cloud computing as much as possible for business agility and cost control reasons. The natural choice will be to use a cloud-based document sharing provider for external collaboration. A big reason for this is that business partners need to update documents, not just read them. Granting such access to data inside an organization’s data center is problematic from both a security and administrative perspective. Given this quagmire, organizations that want to use a cloud provider for external collaboration across international boundaries have two choices, both of which are problematic:
- US Provider: This is a good option for organizations that prefer to use a well-established provider, are not worried about the government or NSA accessing their content and are not concerned about equipment backdoors. But it may not be acceptable to your international business partners.
- Non-US Provider: This approach may appeal to organizations that want to allay concerns expressed by their foreign partners, especially those in Europe, about US government access to their data. However, a European operator is unlikely to be as well established as a US cloud provider, US businesses will not have any realistic leverage with them and foreign governments are known to dabble in data interception themselves. Finally, depending on who the organization is doing business with, they may face resistance from a non-European partner not willing to use a European cloud provider.
- The central (cloud-based) mediator receives enrollment requests from the various users who want to collaborate. No distinction is made between the users based on location – they can be anywhere.
- The mediator enrolls these users into a cryptographically protected group, and establishes a data repository for the documents that will be shared. Using advanced key management techniques, the relevant key material is fragmented, re-encrypted and distributed. As a result, the mediator does not end up with enough key material to decrypt anything, and each user must have the “approval” of the mediator to decrypt documents in the group repository. Note that because documents are initially encrypted at the end stations and the mediator cannot decrypt them, this architecture has removed the need for a “trusted third party” in the cloud.
- As users submit documents into the shared repository, these are encrypted and the activity logged.
- When any user tries to access a document, they submit their (cryptographically authenticated) credentials to the mediator. If the mediator concurs that the request is valid, a portion of key material is released to the requesting user. This missing key fragment, combined with the user’s own key material, allows the document to be decrypted.
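The following is an added illustration of the four steps above, written for this page rather than taken from the article or from any vendor's product. It assumes a deliberately simple key-management scheme (a 2-of-2 XOR split of a per-group key, with one share per member held at the end station and the matching share held by the mediator), HMAC-based credentials, and an HMAC-SHA256 counter-mode stream cipher standing in for a real AEAD such as AES-GCM because the Python standard library has none. All names, identities and document contents are constructed. The point it demonstrates is the zero-knowledge property: the mediator stores ciphertext, credentials and its own shares, enforces approval by releasing a share only to an authenticated enrolled member, and still cannot decrypt anything it holds.

```python
"""Toy split-key mediator (constructed example, standard library only).

The group key is generated at a member's end station and immediately split into
XOR shares: one for each member, one matching share for the mediator. Ciphertext
and the mediator's shares are all the cloud side ever holds, so it cannot decrypt.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

KEY_LEN = 32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(group_key: bytes) -> Tuple[bytes, bytes]:
    """2-of-2 additive split: each share alone is uniformly random."""
    member_share = secrets.token_bytes(len(group_key))
    return member_share, xor_bytes(group_key, member_share)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for AES, which the stdlib lacks.
    blocks = [hmac.new(key, nonce + c.to_bytes(4, "big"), hashlib.sha256).digest()
              for c in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def encrypt_document(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with keys derived from the group key: nonce || ct || tag."""
    enc_key = hashlib.sha256(b"enc|" + key).digest()
    mac_key = hashlib.sha256(b"mac|" + key).digest()
    nonce = secrets.token_bytes(16)
    ct = xor_bytes(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt_document(key: bytes, blob: bytes) -> Optional[bytes]:
    """Returns None when the tag fails, i.e. wrong key or altered ciphertext."""
    enc_key = hashlib.sha256(b"enc|" + key).digest()
    mac_key = hashlib.sha256(b"mac|" + key).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        return None
    return xor_bytes(ct, _keystream(enc_key, nonce, len(ct)))


@dataclass
class Mediator:
    """Cloud-side mediator: holds ciphertext, credentials and its shares, never a full key."""
    repository: Dict[str, bytes] = field(default_factory=dict)          # doc_id -> blob
    members: Dict[str, Tuple[bytes, bytes]] = field(default_factory=dict)  # id -> (auth_key, share)
    log: List[tuple] = field(default_factory=list)                      # activity log (step 3)

    def enroll(self, user_id: str, auth_key: bytes, mediator_share: bytes) -> None:
        self.members[user_id] = (auth_key, mediator_share)
        self.log.append(("enroll", user_id))

    def store(self, user_id: str, doc_id: str, blob: bytes) -> None:
        self.repository[doc_id] = blob
        self.log.append(("store", user_id, doc_id))

    def release_share(self, user_id: str, doc_id: str, proof: bytes) -> Optional[bytes]:
        """Step 4: release this member's share only on a valid credential from an enrolled member."""
        entry = self.members.get(user_id)
        if entry is None:
            self.log.append(("deny", user_id, doc_id))
            return None
        expected = hmac.new(entry[0], f"{user_id}|{doc_id}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(proof, expected):
            self.log.append(("deny", user_id, doc_id))
            return None
        self.log.append(("release", user_id, doc_id))
        return entry[1]


@dataclass
class Member:
    user_id: str
    auth_key: bytes   # credential registered with the mediator at enrollment
    key_share: bytes  # the member's half of the group key; never leaves the end station

    def _proof(self, doc_id: str) -> bytes:
        return hmac.new(self.auth_key, f"{self.user_id}|{doc_id}".encode(), hashlib.sha256).digest()

    def _group_key(self, mediator: Mediator, doc_id: str) -> Optional[bytes]:
        share = mediator.release_share(self.user_id, doc_id, self._proof(doc_id))
        return None if share is None else xor_bytes(self.key_share, share)

    def upload(self, mediator: Mediator, doc_id: str, plaintext: bytes) -> bool:
        key = self._group_key(mediator, doc_id)
        if key is None:
            return False
        mediator.store(self.user_id, doc_id, encrypt_document(key, plaintext))  # encrypted before it leaves
        return True

    def download(self, mediator: Mediator, doc_id: str) -> Optional[bytes]:
        key, blob = self._group_key(mediator, doc_id), mediator.repository.get(doc_id)
        return None if key is None or blob is None else decrypt_document(key, blob)


def demo() -> dict:
    """Constructed scenario: two members, one outsider, and the mediator's own view."""
    mediator = Mediator()
    group_key = secrets.token_bytes(KEY_LEN)  # generated at the founder's end station, not in the cloud
    members = []
    for uid in ("alice@example.com", "bob@partner.example"):
        member_share, mediator_share = split_key(group_key)
        auth_key = secrets.token_bytes(KEY_LEN)
        mediator.enroll(uid, auth_key, mediator_share)  # the mediator never receives group_key
        members.append(Member(uid, auth_key, member_share))  # assumption: share delivered confidentially
    del group_key  # assumption: the founder discards the full key once it is split
    alice, bob = members
    doc, text = "contract-v3", b"Draft terms (constructed sample)"
    uploaded = alice.upload(mediator, doc, text)
    return {
        "uploaded": uploaded,
        "bob_reads": bob.download(mediator, doc),
        # Mediator acting alone: its share is not the key, so the tag check fails.
        "mediator_alone": decrypt_document(mediator.members[bob.user_id][1], mediator.repository[doc]),
        # Unenrolled party with a fabricated credential is refused before any share is released.
        "outsider": Member("mallory@example.com", secrets.token_bytes(KEY_LEN),
                           secrets.token_bytes(KEY_LEN)).download(mediator, doc),
        "log": mediator.log,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Two design points carry over to a real deployment regardless of the toy primitives: the share the mediator returns must be bound to an authenticated request (here an HMAC over the identity and document id, so a captured proof for one document does not unlock another), and decryption must be authenticated, so that a party holding only partial key material gets a clean failure rather than plausible garbage. The activity log records enrollments, stores, releases and denials, which is the audit trail step 3 calls for.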