The cloud has opened up incredible opportunities and efficiencies for businesses. However, with these opportunities there is also an increase in security risks. How can you be sure your data is safe in the cloud?
Traditional ways of protecting data, such as passwords, firewalls, and other defensive strategies, are no longer enough. For greater protection, encryption prevents your data from being accessed by anyone without the corresponding key. Data that is encrypted with a key can only be deciphered by the same key.
Cloud service and storage providers have been keen to demonstrate their commitment to securing their customers’ data. After all, their business relies upon other organisations trusting them with their data. This is why many offer cloud encryption as part of their service.
In the past, many businesses took advantage of this, because it was convenient and they felt comfortable letting the provider manage their encryption keys.
However, it is not just news of major breaches that has made companies think again about trusting their cloud provider to manage their keys. Revelations about extensive US surveillance and intelligence gathering by the National Security Agency (NSA) came to light when they were leaked by whistle-blower Edward Snowden in 2013.
Since then, the privacy and protection of data belonging to individuals and businesses have been strongly debated. Cases such as that brought against Apple by the FBI have ensured the topic remains in the news.
Cloud service providers can potentially find themselves in the difficult position of being legally required to hand over your data and key to government authorities if requested to do so. This is especially relevant if your providers are US-based, where the Patriot Act comes into play. Additional legal restrictions may mean your provider cannot tell you that government authorities have requested access to your data.
This is one of the reasons BYOE (bring your own encryption) or BYOK (bring your own key) has become increasingly popular.
When an organisation allows its service provider to manage encryption on its behalf, that service provider has access to the key and, by extension, to the organisation’s data that is protected by that key. If you manage your own keys, the data sent to your cloud service provider is encrypted before the provider receives it, and the provider cannot access it or give anyone else access to it.
Managing your own keys comes with a significant increase in responsibility. You must not lose your key, or you won’t be able to access your data and your cloud service provider won’t be able to help.
If you don’t feel confident in taking on the responsibility of managing your own keys, the Digital Pathways nCrypt solution provides a managed service where the security server appliances are located in a protected UK-based Network Operations Centre (NOC). Here all encryption keys and security policies are stored. The encryption is enforced at the point of data access, whether that is in the cloud or within clients’ premises.
Contact us to find out more about how our managed security services can protect your valuable data.