Encryption is one strategy cloud service providers use to protect enterprise cloud data from cybercriminals and other unauthorized access.
Cloud data encryption mathematically transforms data so that it is undecipherable without the “key” that can be used to change the data back to its original form.
For a variety of reasons, enterprises often rely on their cloud service providers to maintain ownership and management of the keys, believing that cloud data encryption can only be accomplished in this way.
Quite frankly, it has become an issue of resource management for some enterprises, as summarized in this quote from a 2013 Gartner report: “Organizations have a limit to the amount of time that staff can dedicate to becoming experts in a given solution. Increasing the number of different vendor cryptographic solutions deployed within a given environment increases the level of overall complexity of the overall system due to higher demands on staffing, increased training and the greater risk of misunderstanding a particular deployment configuration dependency.”
Importance of who holds encryption keys
But more and more enterprises are now realizing that when they cede control of their encryption keys to their cloud providers, their sensitive data may not be as private as they had hoped. For instance, sometimes law enforcement can request and be given private corporate customer information from the cloud service provider without the enterprise being informed.
Giving up control of encryption keys may also make the enterprise more susceptible to cybercriminals or rogue employees. There are many ways the information may be unlocked and accessed without the enterprise knowing anything about it. In another report, Gartner makes this definitive recommendation to the enterprise: “Do not store keys or use keys in other jurisdictions, or use a third party; otherwise, the encrypted data could be accessed if the keys are available.”
Use well-vetted algorithms with strong security proofs
In addition to maintaining physical ownership of the encryption keys, enterprises intent on deploying cloud data encryption need to engage their enterprise IT and security teams to ensure that the strength of the encryption being used is well understood. They need to look for peer-reviewed security proofs and understand the implications for the end users of cloud applications if strong encryption techniques, such as FIPS 140-2 validated modules deployed in FIPS mode, are used.
In another report, Gartner recommends, “encryption algorithms that have not been internationally recognized through appropriate standards should be avoided if they do not comply with regulatory requirements.” Later, it says, “if the encryption vendor offers options for ‘function preserving encryption’ – for example, to preserve sort – regulations may require the use of standardized and approved algorithms or proof of independent certification for the potentially weakened encryption.”