Joachim Pimiskern

Thanks for question and the answer.

Dear Dipankar Dey

Yes you can setup a cloud scenario to test various security attributes such as confidentiality , integrity of two or more public and private cloud. For example go through this paper you will get some idea

https://dl.acm.org/citation.cfm?id=2986054

Cloud computing is a platform for expanding capabilities and developing potentialities dynamically without employing new infrastructure, personnel, or software systems. In Addition, cloud computing originated from a commercial enterprise concept, and developed into a flourishing IT invention. However, given that considerable information on individuals and companies are identified in the cloud, concerns have been raised regarding the safety of the cloud environment. Despite the hype surrounding cloud computing, customers remain reluctant to deploy their commercial enterprise into the cloud. Nevertheless, lack of protection is the only major concern that hinders increased use of cloud computing. Furthermore, the complexity with which cloud computing manages data secrecy, and information security makes the market hesitant about cloud computing. The architecture of cloud models threatens the security of existing technologies when deployed in a cloud environment. Thus, users of cloud services should know the dangers of uploading data into this new environment. Therefore, in this paper different cryptography aspects that pose a threat to cloud computing are reviewed. This paper is a survey of specific security issues brought by the use of cryptography in a cloud computing system.

Published in: 2013 IEEE International Conference on Control System, Computing and Engineering.Read more

In short, the answer is yes, and it is currently being done, but encryption should not be the only consideration when thinking about running . Consider the Confidential Computing service offered in the Microsoft Azure Cloud (https://azure.microsoft.com/en-us/solutions/confidential-compute/). It uses encryption and features of Intel SGX (https://software.intel.com/en-us/sgx) to make it possible to run programs whose code and data cannot be read by Cloud providers or the Operating System that hosts it.

In addition, encryption by itself shouldn't be the only consideration when looking at running workloads in the cloud - one should not look at only preventative controls but also include detective and corrective controls. The practices of cloud service providers are really important, along with other tools you made include. We talk about our practices here:

https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/securing-the-cloud-for-enterprise-workloads-the-journey-continues-paper.pdf

I have talked to some companies who security departments are happy when users run applications in the cloud because they feel that the Cloud Providers are in a better position in terms of security than their own internal situation.

One of the main goals of securing data transmission is focused on the security of cloud data storage. There are several cryptographic techniques which can be used to address the relevant threats and security goals for analyzing cloud computing security. It's interesting to know that semi-trusted clouds, allow researchers to design private clouds by using cryptographic techniques, to protect the semi-trusted ones. Some papers elaborate on semi-trusted clouds which are related to real-world deployments of cloud resources, and how optimizing cryptographic protocols, would indeed lead to the usage of this certain cloud and therefore practical ways of securing this type of data.

Hello! We conducted research on this topic and developed several approaches based on Intel SGH technology. If interested, you can see the main results here:

https://rdcu.be/bo1ca

https://rdcu.be/bpUo0

https://rdcu.be/bpUpB