Storage Integrity in the Cloud
Modernizing Authentication — What It Takes to Transform Secure Access
The concept of a 'vault' doesn't work in the cloud -- there is no physical box that everything goes in. To complicate matters, stored and archived data can be recalled from the storage device at any time -- even 20+ years from now. Who's to say the data didn't change after it was archived in or retrieved from the 'box'?
Encryption has been an accepted mechanism to protect data from being read while stored on a private network, but has zero benefit in the cloud. First, it provides absolutely no proof that the data hasn't changed (0's and 1's can be changed, even if their context is not understood).
Furthermore, the use of encryption to sign data and applications fails miserably in the cloud as the cloud provider and/or malicious software could gain access to the encryption keys via memory and change the data anyway. Finally, there is always the case where the administrator of the encryption keys uses the keys themselves to change the data.