What is Cloud Encryption
Compliance requirements and the penalties associated with them remain perhaps the single greatest set of drivers towards the adoption of cloud security technology. These include the requirements for data privacy, the European Community General Data Protection Regulation 2016/679 (GDPR), and other requirements which flow from compliance, such as data residency.
Compliance is followed closely by the need to mitigate threats from breaches, which may be driven by a broad variety of cloud threats. Finally, the need to address corporate security policies, which are derived from compliance, as well as the need to protect against reputational damage, provide strong incentives for customers to plan for, budget, and adopt the newest cloud security technologies.
As Gartner Group has noted, the use of a cloud access security broker (CASB) can remediate and/or substantially address the security issues of cloud-based services or data storage.
How to Deploy a CASB+ Solution
The Digital Pathways CASB+ solution secures enterprise data as it is delivered to the cloud, without restriction on the cloud service or application. This is done in a way that is completely transparent to the cloud service end users. Cloud application data is completely secured and protected through its entire lifecycle, regardless of which SaaS, PaaS or IaaS you choose for your use.
We support multi-cloud environments with one unified and consistent Zero Trust approach. We secure all of your clouds, both SaaS, such as Salesforce, ServiceNow®, Office 365®, SAP® Successfactors®, Google® Apps, Box®, and Dropbox, and your custom cloud applications.
Zero Trust end-to-end encryption eliminates the risk of cloud threats and vulnerabilities, most of which you have no control over, to reduce your risk and ease compliance. This unified and consistent approach reduces administrative costs and greatly reduces audit complexity. Cloud provider encryption is not only limited and insecure but also builds a silo for each cloud and increases complexity and costs for customers with multiple clouds.
Zero Trust ensures that data is encrypted by the customer before it is delivered to the cloud, and only decrypted by the customer when being accessed by authorised users with additional security controls beyond standard login credentials. Any breach which intercepts or steals data at any point within the cloud only provides the attacker with unintelligible content as the data is encrypted. If the stolen data is encrypted, there is no breach to report for compliance purposes.
This end-to-end or Zero Trust encryption applies to the entire lifecycle of the data. This includes data at rest (in the database), in motion (moving through the network, in APIs, middleware, etc.), and in use. By encrypting data “outside” of the cloud, you are no longer subject to breach due to misconfiguration, access to data encryption keys, access to encrypted databases through an API, or any other primary cloud threat. Your data is locked down with data encryption keys held by the customer, such that an attacker cannot put the pieces together to access your data. Zero Trust enables you to address the weakness inherent in broken SaaS application data security architectures, and meet the newest and most challenging data security demands of the latest compliance regulations.
The Digital Pathways solution’s encryption and key management architecture allows one global instance of a SaaS application to selectively encrypt the data for each required country and meet local residency requirements. This capability is provided while also meeting multiple countries’ requirements for residency using the same application instance and ensuring that identifying personal or sensitive data is not revealed outside of the country or area of sovereignty.