How Encryption Is Solving Cloud Computing's Greatest Challenge

By now, you already know that cloud computing is a really big deal.

More than a quarter of a trillion dollars will be spent on public cloud services in 2019, and they'll account for a third of global businesses' overall IT budgets. Researchers believe that nearly half of all corporate workloads ran on various cloud services in 2017. But that will increase to 55% in 2019, and 94% by 2021. 

In other words, nearly all of our data will move to the cloud within the next two years.

That's great news for the public cloud providers. In the quarterly earnings report Microsoft (NASDAQ: MSFT) delivered Wednesday, it reported that Azure sales grew 63% in constant currency and said its Intelligent Cloud division now provides a third of overall revenue. Amazon (NASDAQ: AMZN) similarly noted in its earnings call that its Web Services group grew 35% annually and now accounts for 28% of its top line.

In short, there's big money being made in providing the cloud's infrastructure.

An artist's depiction of cybersecurity protecting various devices

Image Source: Getty Images

The cybersecurity opportunity

Due to this mass migration of data to the cloud, there's never been a greater need for innovative cybersecurity companies. But as the market evolves, endpoint security antivirus software from Norton and enterprise firewalls from Palo Alto Networks just won't cut it anymore. Our cloud-housed data needs new tools to protect it from data breaches and hackers -- and a new wave of companies is beginning to step up to address this need.

Zscaler (NASDAQ: ZS) is one of them. Based on the premise that network firewall hardware will soon become inadequate, Zscaler offers a cloud Secure Web Gateway entirely through its cloud-based security layer -- no hardware required. This decentralizes the cybersecurity protection, allowing the data to flow back and forth from the public cloud rather than redirecting it to clients' own physical data centers.

A similar and complementary approach is to disguise all of the data that's flying through the cloud, so it would appear as gibberish to hackers who intercept it. End-to-end encryption is gaining traction as a way to encrypt sensitive data like financial accounts or medical health records.

But there's an added bonus: The encrypted data can still be computed upon. One of the biggest advantages offered by the cloud is the application of machine-learning algorithms, which can make correlations between data points and draw important conclusions. Rather than leaving the sensitive and most-valuable information locked away in on-premise vaults, why not encrypt it so it can still be used for AI calculations in cloud-computing data centers?

This is exactly the approach being pursued by cybersecurity company PreVeil. Born out of research done at MIT, PreVeil's end-to-end encryption could redefine cloud-based cybersecurity in a way that doesn't interfere with workflows (i.e. you'll never even notice it's running) and still allow for machine-learning applications.

I recently spoke with PreVeil co-founder and Chief Technology Officer Raluca Popa. Raluca is developing PreVeil's technology and recently won MIT's prestigious Innovators Under 35 award, previous recipients of which include CRISPR inventor Feng Zhang and Tesla co-founder JB Straubel. 

In our conversation, Raluca describes the current state of cybersecurity, explains why end-to-end encryption will be important, and lists a few things individual investors interested in the space should be watching.

The audio and a complete transcript of our conversation are included below. 



This conversation was originally recorded on Oct. 2. The transcript has been lightly edited for syntax.

Simon Erickson: Hi everyone. Motley Fool Explorer lead advisor Simon Erickson here. I'm with Raluca Popa. Raluca is the Chief Technology Officer and founder of PreVeil, a cybersecurity company. She's also an assistant professor at UC Berkeley.

Raluca, thanks very much for joining me here this morning.

Raluca Popa: Thank you for having me.

Erickson: Raluca, just to set the scene for this, you were a Ph.D. at MIT, did a postdoc over in Zurich, and now also a UC Berkeley professor. You've seen the computing industry change quite a bit over the last several years.

Can you start us off by talking about where we stand in computing today? I know we've kind of gone from PCs and desktops to enterprise networks and firewalls. Now it seems like everything's moving to the cloud.

Where do we stand in computing and what's the current state of cybersecurity?

Popa: A lot of things have been moving to the cloud, which on the security side, while there are advantages, there are also concerns that the cloud is becoming a central point of attack.

And that's why we're hearing about all these massive data breaches where attackers exfiltrate hundreds of millions of our private records. Because they are targeting a juicy resource like the cloud, which gathers massive amounts of data.

We need to think about security in a very different way. The current trend right now is decentralized security, where even though you still use the cloud, you want to be prepared for when the cloud is compromised. So that the cloud is no longer a central point of attack.

Erickson: And so we've seen a move to the cloud. You're working on some stuff called end-to-end encryption. Tell me a little about what that means and why that's actually important?

Popa: Right. End-to-end encryption is stronger than regular encryption. Clouds today encrypt data at rest. Namely, the data is encrypted when it's stored, but when the cloud accesses the data, it gets decrypted. So, if an attacker breaks into the cloud, they can still exfiltrate unencrypted data because the cloud can access it in an encrypted form.

End-to-end encryption is very different in that only the users can decrypt. The cloud has only encrypted data, and it cannot decrypt it. So if an attacker breaks in, they try to steal the data, it's all encrypted. So it's useless.

Erickson: So there needs to be something that de-encrypts the data, so someone actually can use it. But if you protect it from the attackers, it's not going to allow them to get sensitive information?

Popa: Right. That's where the cool part comes in, and also the challenge. The key is on the user devices. For example, let's imagine a Dropbox scenario. In my company, PreVeil, we offer the equivalent of Dropbox with end-to-end encryption.

The key is on your cellphone and is on your laptop, but the cloud only has encrypted data. So when you fetch your files or your emails, you can decrypt them on your laptop and on your cellphone. But the cloud can never decrypt them because the cloud doesn't have the keys.

Erickson: And in addition to just storing this information, then pulling it back out of storage, you're actually able to run computations on encrypted data as well also. Right?

Popa: Exactly. Yes. That's really, well a lot of where my research comes in. Because just encrypting data is not that challenging, but it's challenging to do things with encrypted data.

Something that we can do is we can search on the encrypted data or the server so that the user has the same experience as they have with the regular application, but everything happens on encrypted data.

If you search for a file or for an email, that search can happen on encrypted data. The user sees the results as before, as if the data weren't encrypted.

I think that the hard part with adopting end-to-end encryption is making it easy to use.

One thing that my company, PreVeil, tries to do is to make end-to-end encryption very easy to use, to recover keys, to share files, to allow all the usual tasks that the user is used to with encrypted data. And then my research brings the extra boost of being able to do what clouds are used to doing. Such as searching on encrypted data or doing user recommendations and still being able to carry out their business.

That's the key to adopting encryption: making it usable and functional.

Erickson: That's perfect, Raluca. I saw a previous quote from you saying that securing information without relying on measures to keep hackers out, we want to continue to do our workflows like we always do, without even thinking about things behind the scenes like encryption.

Popa: Exactly, because we should still continue using firewalls and access control. They're great. However, we cannot rely on them entirely for security. We have to be prepared for when attackers break in, and they will always break in, because software cannot be perfect. It will have bugs and it will have exploits. When attackers break in, end-to-end encryption gives you a strong guarantee because the data looks like junk. It's encrypted.

Erickson: Where are the first use cases you're going after for this technology?

Popa: Right, our company already has customers in biotech, and aerospace and defense, and fintech. These are areas that have a lot of sensitive data, so they need solutions like this.

Erickson: We've got another industry that deals with a lot of sensitive information, and that's the healthcare industry. And I saw that you all were working with something called Helen, I think, with hospitals.

Can you talk a little bit about what that project is?

Popa: Absolutely. That's in my research, partly because it is very advanced in terms of what it can compute on encrypted data. But the idea is that a lot of hospitals have sensitive data that they cannot share, but they would love to learn from all of it.

For example, they would like to learn what's the best cancer treatment for a certain type of cancer. And they cannot share the data because of regulation and privacy. So, what Helen allows them to do is to encrypt their data and share it in encrypted form, which is safe because they cannot understand it.

And then the magic -- here's where the magic of the crypto comes in -- is that you can compute machine learning on encrypted data. So you can train a model about what's the best cancer treatment or what's the best flu predictor, and then release only that result.

It sounds like magic. But the math of the cryptography allows you to do this. Namely, the hospitals will be able to publish -- these are the best cancer treatments from this study -- but in the process, they never reveal the data with each other.

They only reveal encrypted data, but that doesn't leak the original data.

Erickson: Yeah, and so Raluca, is it a fair statement to make that as we are progressing from on-premise computing and firewalls and networks and things, as we're moving everything to the cloud, is it safe to say that we need new forms of encryption like this? The old firewalls and the old endpoint security, it's not going to cut it anymore?

Popa: Absolutely. Absolutely, I completely agree.

They're still useful if you want to prevent attackers from breaking in and maybe wiping out the servers. But when it comes to securing the sensitive data, attackers will break in. So you have to have encryption.

Even the old forms of encryption, like encryption at rest and in transit, are not enough because those don't protect the data during computation. We need encryptions that protect the data even during computation, because that's when the attackers are going to attack.

And to implement that requires a very different way of thinking, about computing with encrypted data and processing encrypted data on the cloud.

Erickson: One last question for you. Our audience is mostly individual investors. They're not experts in encryption or computing or anything. But we are very interested in where this industry is heading, how this is going to be applied.

Is there maybe one or two things that you might pass along to individual investors who are interested in this that we should be keeping an eye on to kind of see how things are progressing?

Popa: Absolutely. They don't have to be crypto experts at all. Because the way we're building these products is very, very easy to use, and giving an interface that is the same as the usual products.

For example, in PreVeil, we are offering email and file sharing with end-to-end encryption and it's the exact same interface as users are used to. It interfaces with Outlook, Apple Mail, it works on your file system, on Mac OSX. It works on Windows, it works on Android, iPhone. So it's really that sort of the same experience.

I would say that they don't have to worry about being crypto experts, and they should really expect that this tool should be very, very easy to use.

And going forward there's going to be more and more functionality -- machine learning and all kinds of databases that can support this functionality. And what's great about these mechanisms is that they don't have a central point of attack. So, if you attack the cloud, you don't exfiltrate all this amount of data that you did in the case of Deloitte, Sony, Equifax, Capital One and so forth.

Because now the exfiltration would be just encrypted data.

Erickson: Well, it's very interesting stuff. Again, Raluca Popa, the chief technology officer and the co-founder of PreVeil.

Cybersecurity is evolving very quickly. As you can hear from what she's talking about, the applications. A lot of it is still email and file sharing, but we're moving everything to the cloud.

And super important also to do the calculations and the computation of that encrypted data.

Raluca, thank you very much for joining me here this morning.

Popa: Thank you, Simon.

John Mackey, CEO of Whole Foods Market, an Amazon subsidiary, is a member of The Motley Fool's board of directors. Teresa Kersten, an employee of LinkedIn, a Microsoft subsidiary, is a member of The Motley Fool's board of directors. Simon Erickson owns shares of Amazon. The Motley Fool owns shares of and recommends Amazon, Microsoft, and Zscaler, Inc and recommends the following options: long January 2021 $85 calls on Microsoft. The Motley Fool has a disclosure policy.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.


More Related Articles

Info icon

This data feed is not available at this time.

Sign up for the TradeTalks newsletter to receive your weekly dose of trading news, trends and education. Delivered Wednesdays.