|By Gilad Parann-Nissany||
|September 7, 2014 07:00 PM EDT||
Encrypting cloud storage is now in the mainstream, the accepted best practice and a business imperative. Across the world and all industries, enterprises need to encrypt cloud data to stay compliant, safe and competitive.
There are several offerings of encrypted cloud storage for enterprises. And yet, many enterprises are still doing it wrong.
Which of these pitfalls has your company fallen into?
Encrypted Cloud Storage Mistakes
1. Allowing Others to Control and Access Stored Data
Whether they do so knowingly or naively, by using a provider to encrypt data and manage encryption keys, enterprises are enabling that provider (and his employees) to access and control their data. Being that most enterprises are encrypting data that is sensitive or regulated, losing control of the encryption keys is one of the biggest, and most common mistakes.
By using split key encryption and homomorphic key management with their encrypted cloud storage, enterprises can enjoy the benefits of the cloud without compromising security.
2. Neglecting Disaster Recovery
When migrating data to the cloud, enterprises must be aware of their disaster recovery options should a failure occur. Many companies take it for granted that data stored in the cloud will always be available, but this is not always so.
If the cloud provider's data center experiences a technical failure or a natural disaster, data can become unavailable. There have actually been several such actual cases so this is no theory but a practical problem.
Take steps to ensure the right data is replicated or backed up. Today's cloud technology allows you to run replicas on physically remote data centers, achieving truly strong disaster recover capabilities at low cost. Replicated systems must also be encrypted, using the same self-controlled key management systems mentioned above. Also, go through a disaster recovery simulation to make sure that disasters are not detrimental to your enterprise.
3. Extending Compliance to Encrypted Cloud Storage
Companies in regulated industries like healthcare, financial, or legal, have an obligation to protect sensitive data, which authorities take quite seriously. This obligation is not lessened in the cloud. When using encrypted cloud storage, regulations are more easily met, which is actually one of the benefits of encryption. However, controlling the encryption keys is essential for achieving full compliance and "safe harbor" - make sure you own your encryption keys.
4. Overlooking Access Controls
Most enterprises understand the need to limit the access to certain data to individuals or role types. However, when data is stored in the cloud, those access controls need to be maintained (or replicated). If IT personnel, for example, do not have access to salary data of the entire company, it does not make sense to grant them access to the same information once it is stored in the cloud.
There are many things enterprises can do wrong: there are public relations scandals and advertising nightmares, but when it comes to information security, there is little room for error. Data is the lifeline of business and protecting it, on premise and in the cloud, is a responsibility that cannot be taken lightly.
Migrating to the cloud has many benefits. Encrypted cloud storage is a useful innovation, but to use it correctly, control must be ensured, "safe harbor" regulations taken into account, and disasters must be avoided and planned for.
The post Encrypted Cloud Storage: How Enterprises Are Doing it Wrong appeared first on Porticor Cloud Security.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Jan. 18, 2017 03:30 PM EST Reads: 3,662
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
Jan. 18, 2017 03:30 PM EST Reads: 3,394
Jan. 18, 2017 02:45 PM EST Reads: 1,581
Jan. 18, 2017 02:15 PM EST Reads: 964
Jan. 18, 2017 02:00 PM EST Reads: 347
Jan. 18, 2017 02:00 PM EST Reads: 911
Jan. 18, 2017 01:00 PM EST Reads: 3,458
Jan. 18, 2017 01:00 PM EST Reads: 4,435
Jan. 18, 2017 01:00 PM EST Reads: 5,589
Jan. 18, 2017 01:00 PM EST Reads: 5,095
Jan. 18, 2017 12:30 PM EST Reads: 2,488
Jan. 18, 2017 12:30 PM EST Reads: 6,302
Jan. 18, 2017 12:15 PM EST Reads: 1,518
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 7-9, 2017, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and E...
Jan. 18, 2017 12:00 PM EST Reads: 5,751
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
Jan. 18, 2017 12:00 PM EST Reads: 1,937