IBM (IBM) has won a patent for a technique it developed to protect data prior to transmitting it to the cloud.
Big Blue's new cloud computing technology, covered by U.S. Patent #8,539,597: Securing sensitive data for cloud computing, aims to overcome barriers to cloud computing adoption by ensuring the security of data, whether it is private or proprietary, before it is transferred for processing by cloud computing services.
IBM Endpoint Strategist and Security Architect Garreth Jeremiah, the inventor of this technology, told Talkin' Cloud that "cloud is actually an opportunity for enhanced security." He added that "customers want to gain confidence about their security and risk posture -- be it in traditional environments, or when it comes to cloud adoption."
So just how does this technology work?
The Abstract section of the awarded patent reads as follows:
"A system and associated method for securing sensitive data in a cloud computing environment. A customer system has proprietary data as a record stored in a database. The customer system associates a hashing directive with the record prior to sending the data out to a cloud for computing services. The hashing directive classifies each data field of the record into sensitive and transactional. The hashing directive controls a mode of hashing, either one-way hashing or two-way hashing for each sensitive data field associated with the hashing directive. A cloud receives the record secured according to the hashing directive and processes the record to generate a result value for a cloud process result field of the record. The customer system reconstitutes the record according to the mode of hashing indicated in the hashing directive."
To clarify the technical details, Jeremiah provided us with the following analogy:
"Consider a cloakroom attendant being given a winter jacket that comes with instructions that say the winter jacket is to be replaced by a dinner jacket," he said. "The attendant follows the instructions of the winter jacket that indicate the attendant should give the customer a dinner jacket."
He goes on: "The attendant remembers the linkage between customer, dinner jacket and winter jacket. The customer then goes into the restaurant for dinner."
"After dinner, the customer returns the dinner jacket and the attendant (knowing the linkage) returns the original winter jacket to the customer, including anything in the pockets of the dinner jacket," he said.
To put it all together: the winter jacket equals the original data with processing metadata (instructions); the dinner jacket equals redacted data; the attendant equals redactor/processor; the linkage equals state, allowing the redactor to restore the original data on return from the cloud; the restaurant equals the cloud and its processing; and the pocket contents are the results of cloud processing.
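The flow described in the abstract and the analogy can be sketched as follows. This is an added example, not IBM's implementation or code from the patent: HMAC-SHA256 stands in for "one-way hashing" and a random token with a customer-held lookup table stands in for "two-way hashing". The record, field names, mode labels, and the `Redactor` and `cloud_process` names are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample record and directive (field names and mode labels are assumptions).
RECORD = {"customer_name": "Alice Example", "ssn": "000-00-0000",
          "purchase_total": 120.0, "tax_rate": 0.07, "tax_due": None}
DIRECTIVE = {"customer_name": "two-way", "ssn": "one-way",
             "purchase_total": "transactional", "tax_rate": "transactional",
             "tax_due": "result"}


class Redactor:
    """Customer-side component, the 'attendant' of the analogy."""

    def __init__(self, key: bytes):
        self._key = key
        self._linkage = {}  # token -> original value; this state never leaves the customer

    def secure(self, record, directive):
        secured = {}
        for field, value in record.items():
            mode = directive[field]  # unclassified field raises KeyError: fail closed
            if mode == "one-way":  # keyed digest, not reversible
                digest = hmac.new(self._key, str(value).encode(), hashlib.sha256)
                secured[field] = digest.hexdigest()
            elif mode == "two-way":  # random token, reversible only via the linkage
                token = "tok_" + secrets.token_hex(16)
                self._linkage[token] = value
                secured[field] = token
            elif mode in ("transactional", "result"):
                secured[field] = value  # the cloud needs these in the clear
            else:
                raise ValueError(f"unknown mode {mode!r} for field {field!r}")
        return secured

    def reconstitute(self, returned, directive):
        restored = dict(returned)  # one-way fields stay as digests (assumption)
        for field, value in returned.items():
            if directive[field] == "two-way":
                restored[field] = self._linkage.pop(value)  # unknown token raises KeyError
        return restored


def cloud_process(record):
    """Cloud side: works on transactional fields and fills in the result field."""
    processed = dict(record)
    processed["tax_due"] = round(record["purchase_total"] * record["tax_rate"], 2)
    return processed
```

The cloud only ever sees the token, the digest and the transactional values; the mapping needed to undo the two-way substitution stays with the customer.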
This patented technology is not currently directly linked to any specific IBM solutions or services.
The company said IBM inventors are continuously working to develop new technologies that would warrant filing for additional patents.
IBM also recently stepped up its protection against web-based distributed denial-of-service (DDoS) attacks through a partnership with a cloud-based web security provider.