… or, the lack of it.
A recent discussion at a customer made me having a closer look around support for encryption in the context of XaaS cloud service offerings as well as concerning Hadoop. In general, this can be broken down into over-the-wire (cf. SSL/TLS) and back-end encryption. While the former is widely used, the latter is rather seldom to find.
Different reasons might exits why one wants to encrypt her data, ranging from preserving a competitive advantage to end-user privacy issues. No matter why someone wants to encrypt the data, the question is do systems support this (transparently) or are developers forced to code this in the application logic.
IaaS-level. Especially in this category, file storage for app development, one would expect wide support for built-in encryption.
- Amazon’s S3 indeed provides server-side support for encryption
- Google Storage does not encrypt files
- Same for Rackspace’s Cloud Files – no encryption, ATM
- As well as for Microsoft’s Azure storage – not encrypting files
- And last but not least, HP Cloud’s Object Storage is in good company by not supporting encryption
On the PaaS level things look pretty much the same: for example, AWS Elastic Beanstalk provides no support for encryption of the data (unless you consider S3) and concerning Google’s App Engine, good practices for data encryption only seem to emerge.
Offerings on the SaaS level provide an equally poor picture:
- Dropbox offers encryption via S3.
- Google Drive and Microsoft Skydrive seem to not offer any encryption options for storage.
- Apple’s iCloud is a notable exception: not only does it provide support but also nicely explains it.
- For many if not most of the above SaaS-level offerings there are plug-ins that enable encryption, such as provided by Syncdocs or CloudFlogger
In Hadoop-land things also look rather sobering; there are few activities around making HDFS or the likes do encryption such as ecryptfs or Gazzang’s offering. Last but not least: for Hadoop in the cloud, encryption is available via AWS’s EMR by using S3.