The state of cloud encryption: From fiction to actionable reality

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The risks of data privacy, residency, security and regulatory compliance remain significant barriers to cloud adoption for many enterprises. While encryption seems like an obvious solution, historically the technology produced usability issues for cloud applications. To complicate matters, putting encryption into the hands of cloud service providers still left the enterprise open to risks such as insider fraud, hacking and disclosure demands from law enforcement.

Fortunately, technical advances have led to a new category of cloud encryption. When deployed, users access cloud services from Salesforce, Microsoft, Google, etc. through gateways that encrypt data before it goes to the cloud, while it is at rest, and decrypt it on the way back. This ensures information moving to and from and while resident in the cloud is fully protected from any type of exposure.

[ IN DEPTH: Hybrid clouds pose new security challenges

MORE: Cloud tools abound. Is enterprise IT ready? ]

This approach to encryption serves as a stable foundation for locking down information in the cloud and delivers these five enterprise-grade benefits:

* Operations-preserving encryption. Until recently, encrypting cloud information "broke" the functions in applications like Salesforce, Google Gmail or Microsoft Office 365. Users could no longer search or sort any encrypted fields, significantly hampering the use of encryption with cloud applications. However, a cryptographic technology breakthrough called operations-preserving encryption solves this problem. This approach enables the encryption of sensitive fields like Social Security or credit card numbers, while still letting users see, search, sort and report on the encrypted information. [also see: "How joining Google Gmail with encryption system helps high-tech firm meet government security rules"]

* Near-zero latency. While operations-preserving encryption makes encrypting information in the cloud possible, speed of performance is essential for user productivity. It is essential that an encryption gateway operates with near-zero latency, which is typically not noticeable by end users.

* Content- and context-sensitive encryption. Another recent breakthrough is that of dynamic, content- and context-aware encryption. It works by identifying sensitive data based on policies regarding the data content and the context in which it is used, and then automatically encrypting one or more fields. This technique speeds up deployment, enforces policies automatically and can help prevent data loss for organizations that are adopting CRM, collaboration, file sharing and cloud storage applications.

* Enterprise key control. If the cloud service provider controls the keys, cloud data is still at risk from hackers, hactivists, insider fraud or disclosures to law enforcement. Gartner's research note "Five Cloud Data Residency Issues That Must Not Be Ignored" recommends enterprises take steps to assure the privacy of sensitive information, achieve regulatory compliance and understand the implications of data disclosure laws. Their recommendations include deploying encryption solutions, especially for addressing data residency concerns for data crossing borders, and to manage the keys locally to comply with local privacy requirements. Key retention by the enterprise ensures no third party -- whether law enforcement, cloud provider system administrators or cybercriminals -- can access sensitive information in the cloud without first contacting the data owner.

* Efficient key management. Hand-in-hand with the requirement to control your own keys is the need for efficient key management. Advances in today's cloud-based key management tools automate and simplify the details of key management operations that are essential to cloud information protection, such as efficient key assignment, periodic key rotation, and re-encryption of data with new keys.

* Open platform. For fast deployment and effective use, the cloud encryption service must be capable of integrating seamlessly with an organization's existing security components, such as malware detection, data loss prevention (DLP) and activity monitoring technologies. By deploying encryption on a vendor-agnostic platform, IT administrators can select the best-of-breed protection that their users need without fear of vendor lock-in.

Gartner forecasts the public cloud services market will grow 18.5% in 2013 to total $131 billion worldwide. Yet for many organizations, the risks of data privacy, residency, security and regulatory compliance remain a barrier to cloud adoption. This is especially true of financial, insurance, healthcare and technology, as well as government organizations, that must comply with industry compliance mandates, including GLBA, PCI, HIPAA, HITECH, PIPEDA, ITAR and the EU Data Protection Act.

By combining cloud encryption with the above capabilities, organizations can securely adopt popular cloud services and reap productivity gains for users and IT cost reductions to satisfy budgetary requirements.

CipherCloud, the leader in cloud information protection, secures 100 million-plus records for 1.2 million users globally across multiple industries.

Join the discussion
Be the first to comment on this article. Our Commenting Policies