Thanks to the revelations of Edward Snowden about the activities of the U.S. National Security Agency and the U.K. Government Communications Headquarters, data privacy makes life a lot more complicated for anyone who wants to develop cloud-based applications. If users can't be confident that the privacy of their data is assured, then they're likely to think twice before ever using your applications.
But there's an opportunity here, too: If your apps do keep user data private, then they'll be far more appealing than apps that don't. Developers will soon be able to exploit this opportunity using an open-source secure cloud application development platform called Crypton.
[ Stay on top of the cloud with the "Cloud Computing Deep Dive" special report. Download it today! | From Amazon to Windows Azure, see how the elite 8 public clouds compare in InfoWorld's review. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]
Applications that perform heavy data processing in the cloud often pose a problem, as data needs to be decrypted in the cloud before it can be processed. On the other hand, apps that carry out data processing in a browser on the client side, leveraging the cloud for the storage of encrypted data only, are a different prospect.
Using this type of architecture, user data is always encrypted when it's in the cloud. Even if an intelligence agency or hacker gets access to it in the cloud, or during its journey to or from the cloud, it's unusable.
The problem developers face is building this type of application while ensuring the cryptography component is implemented securely. That's what Crypton aims to address.
Customers want cloud, developers want platform for cloud apps
Crypton is sponsored by a cloud storage and backup company called SpiderOak. CEO Ethan Oberman says Crypton came from the company's software client, which encrypted data before sending it to SpiderOak for storage.
"When customers discovered that they had to download and install our client software, more and more of them were abandoning," he says. "The world is moving toward cloud-based software and people who care about privacy."
Once the company decided to supply a Web-based application instead, it made sense to create an open source platform that other developers could use to build "zero knowledge" applications, Oberman says. This means the cloud provider stores encrypted data and has no information about the data it's storing or where to find the decryption keys.