Cloud computing refers to a network platform and software architecture for providing centralized, shared computing and storage resources as services to a community of customers. A major issue facing a cloud service provider and its customers is data security. One way of securing each separate customer's data is by encryption. Presently, either the cloud service provider performs the encryption on its shared database and maintains the keys, or the customer uploads data that is already encrypted, in which case an associated cloud application is not able to decrypt the data.
If database encryption is to be used, whether in the cloud or on premise, the database interface of the application software running on this database needs the keys to decrypt the database; otherwise the encryption cannot work. Further, in the case where not the entire database but only certain fields of some tables are to be encrypted, such as credit card numbers or social insurance numbers, the application software on the server in the cloud will need the keys.
It is not presently possible to have the decryption performed on the client side in the customer landscape. Application functions such as “Search” and “Sort” will not work if the application software does not have the keys to decrypt application data. Further, database administrators of the cloud service provider are not able to access the decryption keys, as the keys are completely under the control of the customer.
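The “Search” and “Sort” limitation can be seen in the following added example, which is not part of the original text. It assumes a single encrypted name field with constructed sample values; the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a real AEAD such as AES-GCM, and all function names are hypothetical.

```python
import hashlib, hmac, os

NAMES = ["Mallory", "Alice", "Bob", "Carol", "Dave"]  # constructed sample field values

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt_field(key, plaintext):
    """Customer side: randomized, authenticated encryption of one field."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, data = os.urandom(16), plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    return nonce + ct + _prf(mac_key, nonce + ct)

def decrypt_field(key, blob):
    """Customer side: verify the tag, then decrypt."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("field failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()

def server_search(rows, term):
    """Keyless cloud application: can only match against stored bytes."""
    return [i for i, blob in enumerate(rows) if term.encode() in blob]

def server_sort(rows):
    """Keyless cloud application: can only order rows by ciphertext bytes."""
    return sorted(range(len(rows)), key=lambda i: rows[i])

def client_search(key, rows, term):
    return [i for i, blob in enumerate(rows) if term in decrypt_field(key, blob)]

def client_sort(key, rows):
    return sorted(range(len(rows)), key=lambda i: decrypt_field(key, rows[i]))

if __name__ == "__main__":
    key = os.urandom(32)
    rows = [encrypt_field(key, n) for n in NAMES]
    print("server search 'Carol':", server_search(rows, "Carol"))
    print("client search 'Carol':", client_search(key, rows, "Carol"))
    print("server sort:", server_sort(rows), "client sort:", client_sort(key, rows))
```

Because each field is encrypted under a fresh random nonce, even an exact-match lookup fails on the server: two encryptions of the same value produce different stored bytes.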