Enterprise Cloud Encryption is a Shared Responsibility

Posted by AdamChriss on July 15th, 2014

According to a study conducted to the Ponemon Institute, around half the enterprises surveyed utilize cloud services to transfer sensitive information, and the confidence levels in the security of cloud service and storage providers has been steadily increasing. Despite increasing confidence levels, it’s important to question protection levels in the cloud.

Ponemon also conducted a survey that encompassed 4000+ information technology managers in several countries, including the US, the UK, Germany, France, Australia, Japan, Brazil, and Russia, asking questions regarding cloud services and cloud encryption procedures when dealing with client information. Questions regarding how companies encrypted data in the cloud - before of after pushing data to the cloud. Ponemon also noticed patterns off the past 3 years in conducting the survey. These trends included that companies trust the cloud with their confidential information more nowadays, likely in tandem with cloud security education also more prevalent. Furthermore, larger companies now have “a stronger security posture”, according to Ponemon, meaning that the likelihood of them using cloud services is greater. It’s interesting to note that enterprises in Germany were more trusting with the cloud over organizations in Russia. In addition, the type of service involved in cloud services plays a large role in data security. For example, in software as a service environments, more than 50% of respondents thought that the cloud provider held responsible for security. However, as for with IaaS or PaaS, about 50% of the respondents replied hinting that security of data is considered as a responsibility on the client and provider.

It was also interesting to see how survey participants felt about encryption key control. According to the study, for encryption and data at rest in the cloud, 34% were under the impression that they themselves possessed control of encryption keys. Then onwards, the largest section thought it to be in dual control of their enterprise and the cloud provider, at 28%.

Also important is to verify the quality of cloud encryption standards. According to security analyst Brian Hogan, “In many ways the key to effective cloud encryption is not just in the use of good encryption algorithms but also in implementation and management of the overall encryption infrastructure and that you as the customer has sole control on that”. “It is important to remember that not all cloud providers may be able to offer encryption, or indeed support third party encryption tools, with their product or service, “says Honan. This is supported by Alphapoint Associates analyst Lars Muller who states, “Its important that enterprises take control of their security by maintaining encryption on their hands, and be responsible for their own fate – and not pin it on the back of the cloud service providers’.”

In summary, if an organization is focused on customer data privacy and security, and wants to leverage the flexibility of the cloud, one should search for a cloud encryption solution that provides direct control of keys. Just as client’s sensitive and highly confidential is a highly defended asset, its important to keep the cloud encryption keys under one’s borders as well. Therefore, cloud encryption key access should be maintained under one’s control, not in the hands of one’s CSP.

Author :

Adam Chriss, a proud contributing author and a freelance writer with interests in various subjects and writes articles on several subjects including Cloud Technology, Cloud Security, Cloud Data Security, Cloud Encryptiondat etc,.


AdamChriss

About the Author

AdamChriss
Joined: July 11th, 2014
Articles Posted: 10

Dualmine - Multiply your Bitcoin, Ethereum, Litecoin and Dogecoin
Start cloud mining and increase your crypto capital now! Unique product offering the mining of the most profitable cryptocurrencies in the cloud - BTC and ETH. You can mining one of them or both at the same time. Your hardware is already running and waiti
Claim 1 FREE Stock! No Purchase Necessary!
You have a 100% chance of receiving one free stock! Click to claim and have a chance to get one share of Facebook, Visa, Microsoft and others for free!
FREE App - Earn up to 25/gal cash back on gas!
Download this FREE app and earn cash-back when you buy gas, groceries and food! 100% FREE to join and FREE to earn cash back on your everyday purchases!
Quality Office Furniture USA Shipped Direct - Madison Liquidators
Nationwide vendor of quality office furnishings including Desks, Office Chairs, Conference Tables, Cubicles and more!
Earn HNT Tokens with a Helium Hotspot!
Pre-Order a Helium hotspot and earn HNT tokens that are redeemable for USD. Set it and forget it!
Lolli: Earn Free Bitcoin When You Shop Online!
Lolli is a rewards application that gives you bitcoin for shopping at your favorite online stores.