Seven Critical Criteria for Cloud Data Encryption

cloud-lock_futundbeidl.jpeg?quality=80&strip=all&w=640

Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
The unprecedented level of access points into corporate domains leaves information security professionals turning to a number of data protection methods. Encryption has been a primary instrument in the information security toolkit for decades, but requires reevaluation in the face of the digital transformation we are witnessing today.
Encryption, in its traditional form, is a resource-intensive endeavor that often creates nearly as many challenges as it solves. Forward-thinking enterprises looking to leverage modern technologies have an opportunity to redefine their data protection strategy and, in the process, evolve security from a necessary safeguard to a business enabler. To accomplish this, seven critical encryption criteria must be considered.
 

Criterion 1: Exercise discretion?It’s time to think of our old friend, the 80/20 Rule. Ask yourself what percentage of data within your organization is truly sensitive? More likely than not, the vast majority of your company’s information could appear on a billboard in Times Square with minimal impact; the planning document for Todd’s birthday party does not need to be encrypted.
Ubiquitous encryption can interrupt application function, particularly reporting and search functionality and this is an issue that compounds in today’s highly integrated cloud model. A discretionary and selective approach to encryption secures sensitive data without interfering with the benefits of emerging technologies.
 

Criterion 2: Align with corporate security policy?There’s no need to start from scratch when you develop guidelines to determine when encryption makes sense. Consult existing security policy within the organization to assess what sensitive information may exist within your environment and use this knowledge to build a foundation for your encryption strategy. Don’t forget to consider internal and external compliance regulations relevant to your business.

Criterion 3: Automation-ready encryption?Once a consensus is reached as to which circumstances warrant encryption, it’s time to take action. Leverage security technologies to identify sensitive content within the enterprise, and use encryption as a remediation tool for especially risky incidents. By automating this process, security teams stand to rapidly mitigate the potential of inappropriate data exposure in an intelligent and content-aware manner – and make a tangible impact on organizational security posture.

Criterion 4: Factor in the human element?Now more than ever before, security initiatives must factor in the needs of end users. If a corporate security program interferes with typical user workflows or is too invasive (agents are out of the question), employees will circumvent corporate systems and leverage the endless alternatives made available to them via readily accessible SaaS applications and, if need be, the opportunity to bypass the corporate network entirely thanks to BYOD.
 

Criterion 5: The cloud is everywhere.?The question is no longer when organizations are adopting cloud technologies, it’s how. When was the last time you went to an office supply store and bought software in a physical box? It’s okay, I can’t remember, either.
The challenges associated with encryption in the cloud are owed to three phenomena: the explosion of data in the cloud, the expectations of the modern user, and the criticality of preserving native cloud functionality. From 2014 to 2015, we have witnessed 10x growth in the number of files stored in public cloud applications. Encrypting such a high volume of data is analogous to bubble wrapping an entire house rather than focusing on the fragile items that matter.
Meanwhile, security leaders are beginning to understand individuals are leveraging cloud technologies in their business and personal lives, leading to a more efficient, collaborative, and mobile way of life. Users are accessing SaaS applications both inside and outside of traditional corporate networks. And finally, as we have already discussed, non-discretionary encryption can introduce complications in the cloud in the form of broken search and reporting functionality.
 

Criterion 6: Adaptive architecture?It follows, therefore, that contemporary encryption strategies must be compatible with the cloud-first mentality many organizations are adopting to enable their workforce with the best tools available. To that end, hardware-dependent encryption gateways or solutions requiring traffic rerouting and network reconfigurations have been rendered ineffective and non-preferential. (Disclosure: Cloudlock is one of many vendors in the market that offer a cloud-focused encryption solution.)
Network devices associated with the traditional on-premises encryption model introduce a single point of failure and lack the scalability, ease of deployment, and mobile / cloud compatibility that has become the new standard. Additionally, they miss the growing volume of cloud-to-cloud traffic that never traverses the corporate network, i.e., a file sync and share application integrating with a CRM.

Criterion 7: Encryption is just the beginning?While the security value of encryption is substantial, security professionals must avoid the seductive appeal of relying solely on encryption. Complement encryption strategy with additional best practices for a holistic security program.

Rather than treating users as an adversary, convert them to security ambassadors and allies. Engage in an ongoing dialogue with users to ensure their needs are understood while creating an opportunity to communicate the objectives and value of your organizational security strategy. You might even get them to remove Todd’s Social Security number from that birthday party planning document.
Adeptis:  http://bit.ly/1MEAaIf

« Dark Web Drug Dealers Specialised in ‘party packs’
‘Don’t Risk IT – Cyber Secure IT’ »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (ManuSec)

Cyber Security For Critical Manufacturing (Manusec) is a global series of summits focusing on Cyber Security for Critical Manufacturing Sectors.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

Tenfold Software

Tenfold Software

Tenfold is the unique, centralized platform for managing user and permissions efficiently and automatically.

Lumen Technologies

Lumen Technologies

Lumen is an enterprise technology platform that enables companies to capitalize on emerging applications and power the 4th Industrial Revolution (4IR).

Temasoft

Temasoft

TEMASOFT is a software company focused on developing security and infrastructure products.

LightEdge Solutions

LightEdge Solutions

LightEdge’s highly-trained compliance and security experts take the guesswork out of keeping your business protected.

Intercast Global

Intercast Global

Intercast's mission is to be a strategic resource to our clients in Risk Reduction. We are a global leader in cyber security staffing and consulting to the enterprise.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

Paradyn

Paradyn

Paradyn-managed security services can provide a holistic view of your business environment, no matter how simple or complex it is.

Trace3

Trace3

Trace3 is a pioneer in business transformation solutions, empowering organizations to keep pace with the rapid changes in IT innovations and maximize organizational health.

NACVIEW

NACVIEW

NACVIEW is a Network Access Control solution. It allows to control endpoints and identities that try to access the network - wired and wireless, including VPN connections.

OryxLabs

OryxLabs

OryxLabs provide advanced enterprise digital risk protection solutions. Learn more about how 24x7 continuous assessment, monitoring, and improvement can secure your network.

GeoComply

GeoComply

GeoComply provides fraud prevention and cybersecurity solutions that detect location fraud and help verify a user's true digital identity.

DataPatrol

DataPatrol

DataPatrol is a software company, specialized in providing Security and Privacy of company’s data and information in an evolved way.