When it comes to cloud applications, enterprises have an encryption gap. Encrypting data while it is in storage is straightforward, even if many companies are still neglecting to do it. So is encrypting data while it is in transit. But what about data in use?
For a cloud application to be able to do anything with the data, it has to see the data in plain-text form. That means that an attacker or insider with access to the application’s environment can look over its shoulder, so to speak, and read the data. This is the security gap that Spectre and Meltdown present.
Until recently, the only solution for enterprises was to run the applications client-side, and use the cloud for storage only. Now, several technologies have recently emerged that address this problem from both the hardware and software side. Google, Microsoft and IBM all have solutions either in place or in the works, and several startups are working in the space addressing specific use cases.
“This is a really new area,” says Deborah Kish, an analyst at Gartner. Because it’s so new, there aren’t any market size estimates yet, she says. “I think it’s promising, and I think it’s a little early for its time.”