Searchable Symmetric Encryption - The Future of Cloud Security

Feb 10, 2021

(Adapted Spanish version in the Cyber Security World Expo newsletter by CloserStill Media can be found here).

Cybersecurity has become a top priority for corporations due to the core role of digital systems in our daily lives and the increasing amount of data volumes. The Solarwinds hack was just another clear example of that. However, even if being a top priority, we are seeing an enormous increase of data breaches and leaks. And while laws are slowly catching up with more and more data protection regulations being introduced, like GDPR in the EU, the majority of businesses are struggling to protect their systems adequately, mostly due to the lack of knowledge, resources and missing solutions on the market.

A recent report stated that global cybercrime damage is to hit $6 trillion annually by the end of 2021. One of the reasons for that is that businesses, especially small and medium sized ones (SMEs), making up 43% of all cyber attacks, are not able to afford the investments into adequate security solutions or lack the knowledge, and are therefore also falling under the average of a ransomware attack every 14 seconds.

If we take a look at where the problem might stem from, we see that currently 98% of all database and cloud providers are using some sort of deterministic encryption (meaning decrypting information in the cloud in order to access it), which is proven to be not the most secure form. And while data and cloud usage are augmenting almost exponentially, contributing to having close to 50% of all our data in cloud environments by 2025, we are facing a serious issue here without having a clear solution to date.

If we dive into new solutions to tackle this, we see that the answer is simple and complex at the same time. Simple, as current ways of handling our sensitive data shows clearly to be not enough to keep our data secure. This is also why in 2020 alone we saw more than 36 billion data records exposed. Complex, as data held securely at rest in cloud environments still needs to be decrypted by database or cloud providers in order to be worked with, leaving it vulnerable to potential theft, breach or disclosure. It is true that most cloud providers use SSL (protocol protecting data in transit), but there are these intersections in which data is left vulnerable without protection.

Without a doubt, the ideal solution to achieving an optimal balance of data security and functionality within the cloud involves the client having the ability to search and operate on data while it is in encrypted form. New techniques such as Fully Homomorphic Encryption (FHE) and Searchable Symmetric Encryption (SSE) have arisen to make this a reality. FHE supports computations over data in encrypted form, but an efficient form of FHE remains some way off, meaning this technology is available, but it is sadly still not scalable from a performance and efficiency standpoint. SSE however, despite being a relatively obscure form of Cryptography, is now at the point that it can be deployed and used within the cloud showing a significantly better performance than FHE. SSE is still not as fast as Deterministic Encryption, which the majority of cloud providers use, but a decent intermediate solution from a security standpoint. On the flip-side, current SSE schemes are still not perfect and are known to show leakages when being worked with.

So then, what encryption technology is best to use in the cloud?

Well, there are few novel tech companies out there which made it their mission to solve the global data breach nightmare we are all facing. One of them is Vaultree, a promising startup from Ireland which, in the field of searchable encryption, wants to go one step beyond existing and current technologies and allow any company to work on fully encrypted data in any kind of database or cloud environment, inhibiting exactly these mentioned flaws which lead to billions of lost data records.

Vaultree has developed a proprietary encryption technology using the highest security and encryption levels from FHE but the performance and efficiency standards from SSE. Their board of advisors, being from the likes of Microsoft, Nubank, Cisco and Trend Micro, proves that their solution has reached a state to be not only commercially viable but also scalable. They have been testing their technology against other encryption schemes and it proves to be superior, and in that way allowing companies to process, read and write sensitive data records without decrypting the underlying plaintext - at highest performance levels.

In a nutshell, Vaultree is developing a cloud storage with client-side and end-to-end encryption in which users of their service can encrypt data on their side and store the encrypted data whilst allowing ongoing operations on them in a fully encrypted manner. Interesting is that Vaultree and even the cloud provider do not have access nor can see the data, the private key remains with the client. Further insights into their features show that their ingineous approach not only means a simple integration process but also allows for businesses to scale up operations at rapid speed. This allows Vaultree’s solution to grow sustainably not only with businesses of any size but also fast growing operations. Ensuring a user friendly and simple set-up gives users without a technical or infosec background the freedom to use their solution too. This allows Vaultree to reach a broad spectrum of small and medium sized businesses which are currently without an accessible and solid solution at hand.