Encryption of Cloud Data
Organizations seeking to protect sensitive and mission-critical data quickly realize that there is no single answer to keep all systems completely secure.
Online data security is a complex, rapidly evolving landscape, requiring robust and layered protections. Encryption is one tool in a comprehensive defense-in-depth strategy to mitigate the risk of accidental and intentional data breaches.
Like every other technology tool, implementation must work within a broader digital ecosystem, without disrupting the purpose that the system was designed to fulfill. Evaluating the benefits of encryption against potential tradeoffs such as cost, performance, and ongoing maintenance is at the heart of determining the most effective and efficient means of using encryption.
First, a few basics:
What is encryption?
Encryption takes plaintext (your data) and encodes it into unreadable, scrambled text using mathematical algorithms, effectively rendering data unreadable unless a cryptographic key is applied to convert it. Encryption ensures data security and integrity, even if accessed by an unauthorized user, provided the encryption keys have not been compromised. Encryption can protect data in motion, referred to encryption in transit or encryption in flight, as well as at rest; meaning in storage. Encryption often occurs at multiple levels of a system, appropriate to the context of use and other system components.
Why use encryption?
Encryption is considered a best practice for any security-conscious organization, including those that need to meet specific industry compliance requirements such as HIPAA compliance for healthcare, PCI DSS compliance for ecommerce and retail, and SOX for financial reporting. Recurring data breaches are increasing, particularly in the healthcare industry that reports an estimated $7 billion loss due to data breaches. Even those organizations that determine their risk of data loss is minimal often choose encryption to mitigate the risk of having to report a data breach, since the loss of encrypted data may not be considered a reportable event if the encryption keys remain safe.
The increased cyber threats of hackers and data theft presents a strong case for employing encryption and infrastructure that both secures data while delivering strong computing performance for optimal data availability and reliability. In this white paper, different types of encryption will be discussed, including using encryption in the cloud.
Although encryption is not a silver bullet of data or system security, it is one key tool that can be accompanied by a full arsenal of security services for a layered-defense approach to ensuring data is protected, even if accessed by unauthorized individuals. Additional security options to add to your IT solution will be covered.
To view the full white paper and download the PDF, please fill out the form below.