nobeastsofierce - Fotolia


How Microsoft's Secure Data Exchange bolsters cloud data security

Microsoft's new service, Secure Data Exchange, can help protect cloud data while in transit and at rest. Expert Rob Shapland looks at the service and how it works for enterprises.

Securely sharing data in the cloud has always been a problem. Cloud data not only needs to be encrypted in transit, but also when it is at rest. This means that sharing data with third parties can only be achieved by first decrypting it using the data owner's encryption key. Even if the third party is trusted, granting it access to a whole data set might not be desirable and can also create opportunities for malicious attacks, such as data interception or data being accessed by a malicious insider from the third party.

Security controls on data in the cloud can be managed using information security policies, but as soon as that data is decrypted and shared, the data owner is forced to trust the controls of the third party with which it was shared.

Microsoft's Secure Data Exchange

A new service proposed by Microsoft, called Secure Data Exchange, will allow companies to provide third parties with the ability to conduct calculations and analysis on shared data without it ever being decrypted, therefore preventing the third party from being able to read the source data. This significantly increases the security of data sharing, as the only information the third party receives is what it can infer from the results of its calculations. This is known as multiparty computation.

Microsoft posits that this technology could be used to aid companies that want to purchase data, such as a pharmaceutical company that wants to purchase anonymous patient data, but that also want to see the quality of the data and the results it would achieve from it first. Secure Data Exchange could be used in many ways for collaboration between companies without revealing their proprietary data or making themselves noncompliant with data protection standards. Companies can also avoid the need for expensive and time-consuming litigation to protect their interests.

Secure Data Exchange basically works by harnessing the cloud as an intermediary for the data. The data set is moved into a multiparty computation system, the analysis and calculations requested by either party are completed, and then the results are presented to the relevant parties. The computation system is also encrypted during the process, preventing the cloud system from being able to read the data. This means that, if implemented correctly, at no point in the whole process will the data ever be revealed to the third party.

Microsoft's research is not yet complete; however, the ability to safely collaborate on a data set without revealing the data itself could have a large impact on the utility of the cloud. The security of Secure Data Exchange will come down to how the cloud system runs the calculations and how much information is revealed by the results. Although it is inevitable that some information will be revealed, it is important to ensure these results do not compromise sensitive or proprietary information.

Next Steps

Find out how the cloud can help enterprises manage security log data

Learn whether cloud vendor data protection controls are secure enough

Discover more about securing data and ensuring compliance in the cloud

Dig Deeper on Cloud Data Storage, Encryption and Data Protection Best Practices