The state of cloud encryption: From fiction to actionable reality

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

The risks of data privacy, residency, security and regulatory compliance remain significant barriers to cloud adoption for many enterprises. While encryption seems like an obvious solution, historically the technology produced usability issues for cloud applications. To complicate matters, putting encryption into the hands of cloud service providers still left the enterprise open to risks such as insider fraud, hacking and disclosure demands from law enforcement.

Fortunately, technical advances have led to a new category of cloud encryption. When deployed, users access cloud services from Salesforce, Microsoft, Google, etc. through gateways that encrypt data before it goes to the cloud, keep it encrypted while it is at rest there, and decrypt it on the way back. This ensures that information moving to and from the cloud, and while resident in it, is fully protected from any type of exposure.


This approach to encryption serves as a stable foundation for locking down information in the cloud and delivers these five enterprise-grade benefits:

* Operations-preserving encryption. Until recently, encrypting cloud information "broke" the functions in applications like Salesforce, Google Gmail or Microsoft Office 365. Users could no longer search or sort any encrypted fields, significantly hampering the use of encryption with cloud applications. However, a cryptographic technology breakthrough called operations-preserving encryption solves this problem. This approach enables the encryption of sensitive fields like Social Security or credit card numbers, while still letting users see, search, sort and report on the encrypted information.

* Near-zero latency. While operations-preserving encryption makes encrypting information in the cloud possible, speed of performance is essential for user productivity. An encryption gateway must operate with near-zero latency, so that the added delay is typically not noticeable to end users.

* Content- and context-sensitive encryption. Another recent breakthrough is that of dynamic, content- and context-aware encryption. It works by identifying sensitive data based on policies regarding the data content and the context in which it is used, and then automatically encrypting one or more fields. This technique speeds up deployment, enforces policies automatically and can help prevent data loss for organizations that are adopting CRM, collaboration, file sharing and cloud storage applications.

* Enterprise key control. If the cloud service provider controls the keys, cloud data is still at risk from hackers, hacktivists, insider fraud or disclosures to law enforcement. Gartner's research note "Five Cloud Data Residency Issues That Must Not Be Ignored" recommends enterprises take steps to assure the privacy of sensitive information, achieve regulatory compliance and understand the implications of data disclosure laws. Its recommendations include deploying encryption solutions, especially to address data residency concerns for data crossing borders, and managing the keys locally to comply with local privacy requirements. Key retention by the enterprise ensures no third party -- whether law enforcement, cloud provider system administrators or cybercriminals -- can access sensitive information in the cloud without first contacting the data owner.

* Efficient key management. Hand-in-hand with the requirement to control your own keys is the need for efficient key management. Advances in today's cloud-based key management tools automate and simplify the details of key management operations that are essential to cloud information protection, such as efficient key assignment, periodic key rotation, and re-encryption of data with new keys.

* Open platform. For fast deployment and effective use, the cloud encryption service must be capable of integrating seamlessly with an organization's existing security components, such as malware detection, data loss prevention (DLP) and activity monitoring technologies. By deploying encryption on a vendor-agnostic platform, IT administrators can select the best-of-breed protection that their users need without fear of vendor lock-in.
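
As an added illustration of the operations-preserving, content-aware and enterprise-key-control points above (this is not code from the article or from any vendor product): a gateway-side example that detects sensitive fields by content, replaces them with keyed tokens that the cloud can match exactly, and shows what those tokens still reveal. The article does not name an algorithm, so an HMAC blind index is used as a stand-in; the key, patterns, field names and records are constructed.

```python
import hashlib
import hmac
import re
from collections import Counter

# Constructed content policy (assumption): SSN pattern, or 13-19 digits passing Luhn.
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")
CARD_RE = re.compile(r"^\d{13,19}$")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, to tell card numbers from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(value: str):
    """Content check: return 'ssn', 'card' or None for non-sensitive values."""
    if SSN_RE.match(value):
        return "ssn"
    compact = re.sub(r"[\s-]", "", value)
    return "card" if CARD_RE.match(compact) and luhn_ok(compact) else None

def search_token(key: bytes, kind: str, value: str) -> str:
    """Deterministic keyed token: same key and value always give the same token."""
    norm = re.sub(r"[\s-]", "", value)
    return hmac.new(key, f"{kind}:{norm}".encode(), hashlib.sha256).hexdigest()

def protect_record(key: bytes, record: dict) -> dict:
    """Gateway side: tokenize sensitive fields before the record leaves the enterprise."""
    out = {}
    for field, value in record.items():
        kind = classify(value)
        out[field] = "tok:" + search_token(key, kind, value) if kind else value
    return out

def cloud_search(stored: list, field: str, token: str) -> list:
    """Cloud side: exact-match lookup on stored tokens; the key is never needed here."""
    return [i for i, rec in enumerate(stored) if rec.get(field) == "tok:" + token]

def repeated_tokens(stored: list, field: str) -> dict:
    """What the provider learns without the key: which records share a value."""
    counts = Counter(r[field] for r in stored if r.get(field, "").startswith("tok:"))
    return {tok: n for tok, n in counts.items() if n > 1}

KEY = b"constructed-demo-key-held-by-the-enterprise"
RECORDS = [  # constructed sample records
    {"name": "Alice Example", "ssn": "123-45-6789", "card": "n/a"},
    {"name": "Bob Example", "ssn": "987-65-4321", "card": "4111 1111 1111 1111"},
    {"name": "A. Example", "ssn": "123-45-6789", "card": "n/a"},
]
STORED = [protect_record(KEY, r) for r in RECORDS]
```

Because the token depends on the key, rotating the key changes every token, so the stored index has to be rebuilt along with the re-encrypted data. The output of `repeated_tokens` is the equality leakage to weigh when deciding which fields need to stay searchable.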

Gartner forecasts the public cloud services market will grow 18.5% in 2013 to total $131 billion worldwide. Yet for many organizations, the risks of data privacy, residency, security and regulatory compliance remain a barrier to cloud adoption. This is especially true of financial, insurance, healthcare and technology companies, as well as government organizations, which must comply with industry mandates including GLBA, PCI, HIPAA, HITECH, PIPEDA, ITAR and the EU Data Protection Act.

By combining cloud encryption with the above capabilities, organizations can securely adopt popular cloud services and reap productivity gains for users and IT cost reductions to satisfy budgetary requirements.

CipherCloud, the leader in cloud information protection, secures 100 million-plus records for 1.2 million users globally across multiple industries.


Stories by Debabrata Dash, Ph.D., chief scientist and architect, CipherCloud
