Your Data is Everywhere — Encrypt Everything That Matters
tracy.hamilton
This guest post was written by CJ Radford, VP of Cloud for Vormetric (a Thales Company), a comprehensive high-performance data security company and Rackspace partner.
Even as companies entrust ever more of their sensitive data to the cloud, too many remain in denial about the threats posed to that data.
That’s one of the key takeaways in Vormetric’s most recent annual Data Threat Report, which found that while enterprises have increased the use of sensitive data in the cloud from 54 percent to 85 percent, security remains the top barrier to cloud adoption. Yet while three-quarters of U.S. companies surveyed cite breach and attack concerns over the security of their data in the cloud, only 24 percent are using encryption to safeguard that data.
What is going on here, and how can companies reduce risk and increase security?
Your Sensitive Data is already in the Cloud
As the IT landscape continues to evolve, cloud services are being adopted in practically every layer of IT infrastructure. In the IT department, backup storage, disaster recovery and supply chain applications are usually the first cloud services adopted, since the cloud provides such attractive economies of scale and costs. And while centralized IT was long the norm for most companies, these days, business units outside IT are increasingly adopting cloud applications to run business tasks like customer relationship management, business intelligence, help desk and digital marketing automation.
Taking a deeper look, many cloud vendors are likely using public cloud services from Amazon Web Services, Microsoft Azure, Google Cloud Platform or others to deliver their services. This means all types of sensitive data — client data, confidential business information, employee information and financial data — are likely already being stored in some form in the cloud. And that means it’s critical to the very survival of a company that it take measures to maintain data security and privacy for clients, customers, partners and employees.
One of those measures should be encryption with company-controlled key management.
Encryption is Essential in the Cloud
The Cloud Controls Matrix Working Group, part of the non-profit Cloud Security Alliance, which is dedicated to defining and raising awareness around cloud security best practices, has created a security framework that offers structure, detail and clarity around information security in the cloud. They recommend:
- Data segregation keeps data separate and protected from other data in the cloud to ensure confidentiality.
- Secure key management enables complete ownership and management of the cryptographic keys.
- Data access controls define the users or applications that are allowed to access the protected sensitive data.
- Auditing and monitoring data access tracks and logs all data access activity to proactively help identify unauthorized data access.
- Data destruction enables the ability to “digitally delete” data by destroying the encryption keys, rendering data unreadable.
These best practices call for strong data encryption-at-rest and company-controlled key management, which enables organizations to protect, govern and maintain control over their data in the cloud. In the shared responsibility model, encryption establishes an important security control to enforce a clear separation of duties between the company and its cloud service provider.
By applying encryption and key management, companies enable control and security for their data in the cloud. They own the keys so they can be confident that cloud service provider administrators will never be able to see their data in the clear. Moreover, if there are unauthorized copies of data in the cloud, they will remain protected since ownership of and access to the keys are governed by the company. In fact, once company workloads and projects are complete, they can be confident that all the encrypted data and even unknown copies of the data can be deleted forever by simply destroying the key. We call this ‘permanent’ data security.
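The key-destruction property described above can be shown with envelope encryption, which goes a step beyond the text: each object gets its own data key, wrapped under a company-held key. This is an added example, not code from Vormetric or Rackspace; `keyStore`, `createKey`, `encrypt`, `decrypt` and `destroyKey` are hypothetical names, and an in-memory map stands in for a real key manager.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for the company-held key manager: key id -> 32-byte KEK.
const keyStore = new Map();
const createKey = (id) => keyStore.set(id, crypto.randomBytes(32));

// AES-256-GCM; blob layout is nonce(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Envelope encryption: a fresh data key (DEK) per object, wrapped under the KEK.
// The returned record is the only thing handed to the cloud provider.
function encrypt(id, plaintext) {
  const kek = keyStore.get(id);
  if (!kek) throw new Error(`unknown key id: ${id}`);
  const dek = crypto.randomBytes(32);
  return { keyId: id, wrappedDek: seal(kek, dek), data: seal(dek, Buffer.from(plaintext)) };
}

function decrypt(record) {
  const kek = keyStore.get(record.keyId);
  if (!kek) throw new Error('KEK destroyed: data is unrecoverable');
  return open(open(kek, record.wrappedDek), record.data).toString();
}

// "Digital deletion": drop the KEK; no ciphertext copy has to be located.
const destroyKey = (id) => keyStore.delete(id);

// Constructed demo: one record, a stray copy of it, then key destruction.
function demo() {
  createKey('project-a');
  const rec = encrypt('project-a', 'constructed sample: payroll row 17');
  const strayCopy = { ...rec }; // e.g. a forgotten provider-side backup
  const before = decrypt(strayCopy);
  destroyKey('project-a');
  let after;
  try { after = decrypt(strayCopy); } catch (e) { after = e.message; }
  return { before, after };
}
console.log(demo());
```

Destruction is only as final as the key's own lifecycle: any backup or export of the KEK, or any plaintext copy of the data, survives it.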
Adopt an Encrypt Everything That Matters Strategy
If encryption and key management are so effective in protecting data in the cloud, why is adoption so low in cloud deployments?
It may be that cloud-adopting companies simply have not found a data encryption strategy that will work and scale across the different data types found throughout their business. In the past, encryption has been viewed as a tactical security measure applied to databases, files, hard drives and personal devices when needed. This piecemeal approach quickly becomes cumbersome as usage grows, because the different encryption technologies and their associated keys each have to be deployed and managed. Today, all data types including structured databases, unstructured files and folders, and big data nodes can be secured under a single data-at-rest encryption solution like the Vormetric Data Security Platform, with a common key management solution that makes deployment and administration much easier.
With an “encrypt everything that matters” strategy implemented on a comprehensive encryption and key management platform, companies can efficiently protect and control all their data everywhere. That means companies can assure their most valuable assets are protected in the cloud and confidently adopt cloud services to fuel their growth.
Read more about the “Encryption as an Enterprise Strategy” report from the Institute of Applied Network Security (IANS) here.
And learn more about protecting your data at the upcoming Cloud Security Alliance webinar "Best Practices for Protecting Your Data in a Hybrid Cloud Environment," on April 11 at 1pm Central, sponsored by Rackspace and Vormetric.
Visit this page for registration details.