The profitability and scalability that the cloud makes available to businesses have driven the move from on-premise data centers to storage on the internet via the cloud. Although cloud computing has swept the IT world over the past decade, some businesses are still nervous about placing sensitive customer information and tightly secured business applications somewhere other than their own data centers.
Cloud providers quickly realized that enhanced security had to be foremost in their services to remove the one major tripping point for enterprises contemplating the move to the cloud. Strong security was mandatory to win the trust required to serve as an organization's online vault for sensitive data. Without that trust, a cloud provider cannot stay in business for long.
Cloud Application Encryption
Now in 2018, there are three primary methods for encrypting data to ensure security in the cloud. As reported in the January 11, 2018, article at cloudsecurityalliance.org, organizations are implementing a CASB (Cloud Access Security Broker) to secure critical corporate data stored in cloud apps. With this technology, all data flowing out from the organization is encrypted using one of three generic cloud-based methods.
- Gateway Delivered Encryption - With this method, the vendor has no capability to access your data, and you control the keys. Key management can be integrated with an organization's existing key management infrastructure through the Key Management Interoperability Protocol (KMIP). Even if a cloud-based key management solution is used, the keys never leave your CASB.
- BYOK Encryption - As the acronym suggests, this is the Bring Your Own Key encryption method. Keys are generated and managed within your organization, then shared with the vendor. This gives you control of the key lifecycle, including the ability to rotate or revoke keys. Once the keys are shared with the vendor, data can be decrypted only by authorized users. Data is encrypted at the vendor, who also retains access to the data, but you control the keys.
- Vendor Provided Encryption - Data is encrypted at the vendor, who also controls the keys and retains access to the data.
Leading cloud providers such as AWS (Amazon Web Services), Microsoft Azure, and Salesforce are moving to support the BYOK model. While gateway-delivered encryption provides the highest level of security for critical apps and data, it comes at the price of usability issues, especially when the vendor changes field structures. BYOK strikes a balance by providing a high level of security and usability for high-risk apps and data. Vendor-provided encryption offers better security than no encryption at all and may be suitable for meeting compliance requirements for non-critical apps or data.
Cloud Security and Employee Awareness
"Insider threats continue to pose the most significant threat to organizations everywhere," according to a 2016 report by IBM Security. In 2015, 60% of all attacks were caused by insiders, whether they had malicious intent or were inadvertent actors. Inadvertent actors are those well-intentioned employees who mistakenly grant access to data or fail to uphold the company's security policies.
The best security available can still be compromised by an employee who "hands over the keys" after being duped by a phishing scam or opens the gate for malware in an email attachment. IBM reported that the numbers are improving, as organizations implement better security policies and employee awareness.
Cloud Solutions at TCS
Still looking for more information on how to protect data in the Cloud? Total Computer Solutions has been providing the full range of IT support for businesses for more than 28 years. We can help businesses migrate to the cloud successfully with a reliable team at a reasonable price. We have the expertise and experience to provide services from consulting to complete outsourcing, to find the IT solutions best suited to your individual enterprise or organization.