How to make the most out of encrypting data in the cloud

Moving a company’s sensitive data to third party clouds complicates the risk landscape where it operates each day. Because sensitive data is of enormous value to a hacker, cloud defense is a business imperative.

In order to understand what concerns should be included in a cloud security strategy, it must be understood what can’t be afforded to lose and what sensitive data should stay out of the cloud. Businesses migrating to the cloud are being advised to lock down any sensitive data before it leaves their premises, which is why more companies are deploying encryption.

Cloud providers are even upgrading their encryption levels, reinforcing the relevance of encrypting sensitive data in the cloud for security and compliance with privacy regulations worldwide. Once a company has committed to encrypting its data, it must decide how, to what extent and which data to encrypt.

Encryption guidelines

Enterprises needn’t encrypt all of their data in the cloud. After all, that would be an expensive and counterproductive undertaking. Data needn’t be encrypted in the same way either.

What works for names may not work as well for social security numbers. For functionality’s sake, credit card numbers may need their formats preserved in ways that mailing address information does not.

>See also: GCHQ had IT industry moles to help break encryption, reports claim

Therefore, they should consider a variety of options as part of their cloud encryption solution.

1) Index tokens and pads

They replace data with cryptographic tokens or encrypt and decrypt them using single-use, randomly generated private keys.

2) Strong cryptography

PCI defines it as encryption based on “industry-tested and accepted algorithms”, for example AES, which is used in conjunction with strong key lengths and proper key management practices.

3) Data storage life cycle management

Encryption in the cloud can only be considered truly secure and effective if it persists throughout the lifecycle of the data stored in the cloud.

How can a company truly know the lifecycle of its data if a third party cloud service provider (CSP) is storing its data? Uncertainties surrounding archive, backup and the timely deletion of data, either on your schedule or upon the organisation’s request, make determining the lifecycle of information stored in the cloud a difficult affair.

To get around this issue, the business needs to make sure that no matter how long its data lives in the cloud, it is the only one that holds the keys to it – and therefore is the only one that can access it.

4) Data access control

As researchers discussed in the International Journal of Engineering and Advanced Technology, storing data in the cloud results in security risks since “the cloud data can be accessed by everyone.” It then notes that “a prevention measure is needed to secure the data from unauthenticated users or intruders”. Encryption in the cloud alone may not fully mitigate these risks.

>See also: Use of encryption growing but businesses struggle with it – study

Making encryption work

A business migrating to the cloud should ensure it fully secures its data by properly encrypting confidential information according to industry recommendations, which include using AES 256 bit encryption, the gold standard, and, as an additional security control, exclusively retain the keys.

It must also ensure that whoever holds the encryption keys in your own organisation is justified in having access. For that reason, granular data access control policy is a must.

With these critical elements in a cloud information protection programme, valuable information is strongly protected even in the event of a breach – and that can only be a good thing.


Sourced from Paige Leidig, SVP at CipherCloud

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics