Cloud Encryption Interest Spikes in Post-Snowden Security World
Posted by skyhighnetworks on June 10th, 2014
After revelations of security vulnerabilities with cloud providers were published by the Guardian, Nasco Financial decided to encrypt all sensitive data the company stored with cloud providers such as Salesforce. “We looked at our risk profile and found that cloud encryption was the best way to ensure no third parties are able to access our data,” says Nasco IT Security Director Kevin Devries.
Security experts are calling this new approach to security “post-Snowden,” after the NSA contractor Edward Snowden, who leaked details of the surveillance techniques used by the agency. Experts say these same techniques could be used by other groups such as cyber criminals or foreign governments. Cloud encryption is seen as one of the strongest defenses against snooping by third parties because it makes data indecipherable to unauthorized parties.
When data is stored in the cloud, Nasco and other companies plan to encrypt the information before it leaves the company’s firewall. The data remains encrypted while stored in the cloud application and is decrypted again when retrieved by end users at the company. “Given that the NSA is shown to be snooping on data as it moves between the datacenters of big cloud providers like Google, the best way to maintain the integrity of the data is keeping the encryption keys on premises.”
When cloud companies maintain the encryption keys themselves, employees of the cloud provider can unlock the data and view it. If ordered by a court, the provider may also be compelled to unlock the data without notifying the company that owns it. Such blind subpoenas have companies worried their data could be accessed without their knowledge. Also, in an irony not lost on security experts, a rogue insider like Snowden could access and then publish data and embarrass the company.
IT decision makers also see cloud encryption as a way to comply with regulations that prevent certain types of sensitive data from crossing national borders, or with industry regulations like PCI that protect certain types of information. In the case of the EU Data Protection Directive, personally identifying information cannot be transferred outside the EU, including to a data center hosted in another country. However, encrypted data can be securely stored without violating the law.
Skyhigh Networks, the Cloud Security company, enables companies to embrace Cloud Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information on Cloud Encryption, visit us at http://www.skyhighnetworks.com/cloud-encryption/ or follow us on Twitter @skyhighnetworks.