How the Cloud Upended Security – and How Encryption Helps Restore It


By Tilo Weigandt, co-founder, Vaultree

Data is everywhere and anywhere, and as a result, data management is out of control. Once a user or customer has signed up for a service or purchased a product, they usually have no idea where their data is being stored, with whom it is shared or how it is secured. The adoption of cloud services – while very beneficial in many ways – has made it nearly impossible for companies to have 100% control and knowledge about what is happening to data, where and at what time. The situation is even fuzzier in places where data is being stored and processed in several countries.

Data protection regulations like GDPR apply to companies based in the European Union – or companies doing business in these countries – but ambiguity persists. Companies need to take back control of data, and encryption can play a role in this.

Data privacy, security, and the cloud

While enterprises have financial incentives to scale their businesses using distributed tools like cloud computing services, they are also required to comply with industry standards and federal regulations. These regulations require restricting access to sensitive data to authorized users only; otherwise, companies face severe penalties if audits fail. Customer service level agreements (SLAs) frequently include provisions for data security, as well.

Two of the most frequently mentioned challenges in cloud computing are data security and data privacy. There’s concern that Cloud Service Providers (CSPs) may collect and exploit customer data for their own gain (including the sharing of customer data with third parties). Data encryption can allay these anxieties, but the way most CSPs are using it falls short of providing complete data protection.

How encryption fits in

In its traditional form, encryption secures data both in transit and at rest; nevertheless, the data must be decrypted before any type of processing can be conducted on it. CSPs need access to the accompanying decryption keys to retain the ability to process encrypted data with acceptable performance levels. These keys can be kept on the CSP’s premises or forwarded to the CSP whenever the customer needs to access their data. While this solution addresses some of the concerns about cloud data security and privacy, it can’t be considered totally safe because it requires clients to reveal their decryption keys and, therefore, their data.

What typically happens is that companies wind up blindly trusting their cloud providers and leave the decryption keys with them. And what happens? Leaks and hacks continue to increase. Advanced encryption schemes, on the other hand – providing fully encrypted cloud environments without the need to decrypt data to process it – are gaining traction and for good reason. There’s simply no other way to get out of this mess.

Advanced encryption is an enabler – not just a security enabler but a technology and business enabler. It brings many monetary, brand and efficiency benefits with it that some executives underestimate. Encryption is the basis for all other security measures; without it, all the rest is pointless. There can be as many vulnerability trackers and endpoint security measures in place as a company wants. But if an attacker breaches the network and the data is in plaintext, it’s lost. It’s the equivalent of setting up a security camera facing your front door yet leaving it wide open for burglars to enter.

Evaluating encryption solutions

There are several best practices you can put in place when deploying encryption. First and foremost, educate yourself about advanced encryption. Encryption must be viewed as a business enabler and revenue driver; it’s an opportunity to show prospective customers that you take security seriously.

As you vet solutions, don’t overlook startups and newer companies as part of that evaluation. There are some innovative approaches happening in this field that haven’t yet hit the big time. You want to look for a solution that securely manages encryption keys across all on-prem and cloud environments. Again, there are good solutions available today that avoid having to disclose your keys and that bypass the traditional way of managing encryption. What’s more, encryption no longer needs to be seen as something that’s time-consuming to implement – there are newer solutions available that offer a more “plug and play” approach.

At the end of the day, you want a solution that lets you encrypt and process all of your data with near-plaintext performance in the safest environment.

Keep calm and encrypt on

With the mass adoption of the cloud, the concept of traditional perimeter security has flown out the window. Hacks and leaks continue, but help has arrived. Organizations need to have a new approach to security that meets the same standard of quality, regardless of location – and that enables high performance and scalability. Encryption is critical to data security and privacy, but disclosing decryption keys poses dangers of its own. Advanced encryption eliminates those dangers and provides solid security for all your data in all circumstances. Use the best practices above to find the solution that works best for your organization.

About the Author

Tilo is a program manager, business developer and marketeer with a “nothing is impossible” attitude and more than a decade of experience in starting things from scratch. He has been developing highly scalable tech products, business segments and brands in several industries and markets, including data protection, where he found his passion. Applying his broad skill set at Vaultree, Tilo’s big goal is to bring cybersecurity closer to the public and make it accessible to everyone. Tilo can be reached via LinkedIn and at our company website https://www.vaultree.com

FAIR USE NOTICE: Under the “fair use” act, another author may make limited use of the original author’s work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material “for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright.” As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner’s exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.


