New ETSI spec to secure sensitive data in the cloud

ETSI’s Technical Committee on Cybersecurity has released a new specification to help secure sensitive data in virtualised environments.

The ETSI TS 103 457 specification aims to tackle the challenge of secure storage in scenarios where organisations need to protect customer data that is held in a virtual network or cloud not under their direct control.

Secure vault

The new specification standardises an interface between a "secure vault" that is trusted and a cloud that could be anywhere. Sensitive data is stored in the vault.

“This allows a sensitive function to exist in a lower security environment, with data held securely,” ETSI explains.

The interface can be used with new network function virtualisation (NFV) technology to allow secure authentication of users for billing purposes, for example.

A statement from ETSI says, "Virtualisation means that processing can happen anywhere and might be untrusted. Therefore these secure vaults are needed to protect sensitive functions and data. This is more common than ever as NFV technology becomes widespread."

Audit trail

The interface can also be used to search databases that hold private data. Another feature defined in the specification is a logging function that allows queries of customer data to be audited, making it easier to detect data breaches and deter malicious activity.

This standard proposes a new interoperable interface, so that an organisation may change "vault" or cloud provider and still achieve the same functionality.