Benefits of Encryption
1. Encryption Helps Move to the Cloud
Everyone is concerned about moving sensitive data to the cloud, and most organizations perceive that the cloud is not as safe as their own data center. If your data is in the cloud, it’s not only possible that strangers might see it, but your data could be sitting on the same storage as your competitors. Imagine how much that treasure chest could be worth.
Encryption can make it possible to leverage the benefits of infrastructure as a service, while still ensuring the privacy of your data. You should ensure data is encrypted in flight, while in use, and at rest in storage. By retaining control of your encryption keys, you’re still in control, even when data has left your building. If the service provider makes copies of your VMs, only encrypted data is copied. And at all times, you determine when to deliver, or revoke, the keys.
2. When You Own the Keys, You Can Easily Decommission/Deprovision
Would you put your jewels in a safe and give a stranger the key? Would you have your data encrypted in the cloud and have the cloud service provider own the keys? Probably not the most secure option.
Organizations want to take advantage of the cloud for its cost and flexibility. Part of this value is the ability to spin up or decommission servers, as business needs change. But what happens if you want to leave your service provider? You want to be sure you can get your data back, but you also want to make sure you’re not leaving sensitive data behind. How many copies or backups of your VMs has your service provider created so that they can achieve their operational uptime SLAs? It’s simply impractical for a CSP to retrieve and delete every copy if you decide to leave. If that data was encrypted and you hold the keys, revoking the keys leaves every remaining copy unreadable.
3. Encryption Helps Achieve Secure Multi-Tenancy in the Cloud
In virtualized cloud environments, multi-tenancy is what drives costs down and increases flexibility. Why dedicate one enterprise-level server to one workload when it can serve many? While virtualization is not new and organizations have taken advantage of its virtues for years, having your VMs and applications running on the same physical servers as other departments or organizations raises some security concerns.
Not only do virtualized servers become richer targets, but if those machines are running in a public cloud infrastructure, you have limited control over who ‘shares’ your hardware. And while strides have been made solving many of the network segmentation issues, another major security challenge still exists: what happens to your data within the storage fabric? If you encrypt data before it enters the cloud, and retain control of the encryption keys, you can ensure your data is safe, regardless of its neighbors.
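Sections 2 and 3 rest on the same mechanism: data is encrypted before it reaches the provider and the key stays with the customer, so removing the key decommissions every copy. The Go code below is an added example, not code from the original article; `KeyStore`, the tenant ids and the sample record are assumptions made for illustration, and an in-memory map stands in for a real key manager.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyStore is a hypothetical stand-in for key storage only the customer controls.
type KeyStore map[string][]byte

func (k KeyStore) aead(id string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k[id]) // revoked or unknown id: empty key, so this fails
	if err != nil {
		return nil, fmt.Errorf("no usable key for %q: %w", id, err)
	}
	return cipher.NewGCM(block)
}

// Seal encrypts before upload; the provider only ever holds nonce||ciphertext||tag.
func (k KeyStore) Seal(id string, plaintext []byte) ([]byte, error) {
	g, err := k.aead(id)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, []byte(id)), nil
}

// Open decrypts a blob fetched back from the provider; id is bound in as associated data.
func (k KeyStore) Open(id string, blob []byte) ([]byte, error) {
	g, err := k.aead(id)
	if err != nil || len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("blob unreadable (len=%d, key error=%v)", len(blob), err)
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], []byte(id))
}

func main() {
	ks := KeyStore{"tenant-a": make([]byte, 32)}
	rand.Read(ks["tenant-a"]) // constructed demo key, generated locally
	blob, _ := ks.Seal("tenant-a", []byte("constructed sample record"))
	delete(ks, "tenant-a") // revoke: every provider-side copy of blob is now unreadable
	_, err := ks.Open("tenant-a", blob)
	fmt.Println("open after revoke:", err)
}
```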
4. Encryption Key Services Prevent Service Providers from Accessing Your Data
If the service provider has both your encrypted data and your encryption keys, they are able to access your data. To avoid this problem, encrypting your data in the cloud and holding your own keys just makes sense. However, many organizations simply don’t want to manage encryption keys, no matter how easy the key management solution is. They have concerns around backup, availability and DR. This is where a third party comes into play. Why not have your encrypted data with one service provider and have your keys managed by a different service provider?
“Data security as a Service” solves many of these challenges by making sure that key servers are always accessible - always backed up, replicated and protected from disaster. It’s a win-win situation. The service provider holding your data doesn’t own your keys. The security service provider holding your keys doesn’t have access to your data. Encryption now becomes a simple option.
5. Encryption Helps You Meet Regulations
The Payment Card Industry (PCI) has strict guidelines to ensure protection of cardholder data. We all use credit cards and understandably want assurance that our information is safe. Naturally, encryption is a major piece of the PCI Data Security Standard (PCI DSS). But there’s also HIPAA/HITECH, regulations that mandate protection of health care information. Once again, encryption is a critical part of the standard.
Although not all standards mandate encryption, it’s highly recommended. And given the high cost of breach notification and the fact that DLP technology is always revealing sensitive data in places you wouldn’t have thought of, doesn’t encryption just make sense? After all, we wouldn’t shop online without it.