Encryption is a complex topic. It has more to do with mathematics than with software engineering. I do not intend to discuss the mathematical underpinnings of encryption in this article. This article is primarily about where, in the overall lifecycle of data, deploying encryption makes the most impact. We will discuss the multiple contexts affecting our choices. A better understanding will motivate and equip you to make informed decisions about the security guarantees given by untrusted, third-party clouds today. This, in turn, will help you make better, safer decisions for your organization.
Encryption is the process of encoding information in such a way that only authorized parties can access it and those who are not authorized cannot. Encryption by itself cannot prevent a data breach, but in the event of a breach, the hackers will get garbage, i.e., encrypted data.
India has the first reference in recorded history to the use of cryptography, documented towards the end of the fourth century BC. From the Jefferson Wheel to the Enigma Machine to our beloved AES and many other encryption schemes, the science of making the plain text (also called clear text) unintelligible by using mathematical techniques has kept valuable information safe throughout history.
Today, almost all web applications we use, whether inside the office or outside, have two components — a client side and a server side.
When we say client side, the environment we refer to is the end user's device. It can be a computer, smartphone, tablet, etc. Sometimes, the client side is also referred to as the front end. The back end runs on the server, and is hence also called the server side. The data that is generated, displayed, or rendered on the client side, i.e., the end user's device, is usually stored on the server side. A simplified diagram of a web application architecture is depicted in the picture below.
With this knowledge about web application architecture, let us look at the two choices we have in terms of deploying encryption. Please note, this is not about what type of encryption you will deploy, but where in the overall application architecture you will deploy encryption.
From the above analysis, it is clear that client-side encryption significantly improves your overall data security posture. You, the owner of the data, are always in control, not your cloud-based storage provider.
Client-side encryption is like putting data in an unbreakable safe. Then you lock the safe with your own keys and keep the keys with you alone. You then use your friend’s house to simply store your unbreakable safe because you do not have physical space in your own house. The friend’s house, in this physical example, is the cloud storage provider in an online example.
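The safe-and-keys analogy above, as an added example that is not part of the original article: data is encrypted on the client with AES-256-GCM using Node.js's built-in `crypto` module, and the storage provider only ever receives the opaque blob. `UntrustedStore`, the object name and the sample text are constructed for illustration, and the key is assumed to be generated and kept on the client.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed stand-in for an untrusted cloud store: it only ever holds opaque blobs.
class UntrustedStore {
  constructor() { this.blobs = new Map(); }
  put(name, blob) { this.blobs.set(name, Buffer.from(blob)); }
  get(name) { return Buffer.from(this.blobs.get(name)); }
}

// Runs on the client. The key never leaves this side.
function encryptForUpload(key, name, plaintext) {
  const nonce = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per object
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(name, 'utf8')); // bind the ciphertext to its object name
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]); // nonce | tag | ciphertext
}

// Runs on the client after download. Throws if the blob or its name was altered.
function decryptAfterDownload(key, name, blob) {
  const nonce = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const body = blob.subarray(28);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Full round trip; returns what each side could observe.
function demo() {
  const key = nodeCrypto.randomBytes(32); // assumption: generated and kept on the client
  const store = new UntrustedStore();
  const secret = Buffer.from('Q3 payroll: constructed sample data', 'utf8');
  store.put('payroll.txt', encryptForUpload(key, 'payroll.txt', secret));

  const stored = store.get('payroll.txt');
  const providerSeesPlaintext = stored.includes(secret);
  const recovered = decryptAfterDownload(key, 'payroll.txt', stored).toString('utf8');

  // A change made on the server side (one flipped ciphertext bit) must be detected.
  stored[stored.length - 1] ^= 0x01;
  let tamperDetected = false;
  try { decryptAfterDownload(key, 'payroll.txt', stored); } catch { tamperDetected = true; }
  return { providerSeesPlaintext, recovered, tamperDetected };
}
```

Because GCM is authenticated, the client learns not only that the provider cannot read the data but also whether the stored blob was modified or swapped for another object's blob.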
Cloud adoption is growing rapidly because data volume is growing rapidly. The digital footprint of our lives, families, and businesses is growing exponentially. Every single day, hundreds of millions of people create digital assets (photos, videos, documents, texts, etc.). The total amount of data in the world is set to rise steeply to 44 zettabytes by 2020. To put that in perspective, if an average song (4 MB) runs for 4 minutes, one petabyte of songs will run nonstop for over 2,000 years. One zettabyte is equal to 1,000,000 petabytes!
As cloud adoption grows, data breaches are growing like weeds as well. According to the site breachlevelindex, close to 10 billion records have been stolen or breached since 2013.
Over the next decade, newer, performant, client-side encryption techniques will continue to become increasingly important.
This is a topic of great interest to Ziroh Labs. I will continue to write my thoughts on this topic. I hope you will engage with me with your valuable comments and feedback, because the topic of privacy and confidentiality has never been more important.
About Ziroh Labs:
Ziroh Labs is building a Software Defined, Security Stack that will allow users to trust any untrusted, third-party cloud without compromising usability, privacy and business confidentiality. Ziroh Labs is accelerated by Cisco LaunchPad, a part of NASSCOM Deep Tech Club and recently inducted to MassChallenge Israel.
Bhaskar Medhi is the co-founder and CEO of Ziroh Labs. Prior to Ziroh Labs, Bhaskar held several positions in high-growth software products and services companies. He is an alum of the Indian Business School, Hyderabad and an engineer from National Institute of Technology, Bhopal.