Welcome!

Related Topics: @CloudExpo, Containers Expo Blog

@CloudExpo: Blog Feed Post

Enterprises Are Doing Encrypted Cloud Storage Wrong

When migrating data to the cloud, enterprises must be aware of their disaster recovery options

Encrypting cloud storage is now in the mainstream, the accepted best practice and a business imperative. Across the world and all industries, enterprises need to encrypt cloud data to stay compliant, safe and competitive.

There are several offerings of encrypted cloud storage for enterprises. And yet, many enterprises are still doing it wrong.

Which of these pitfalls has your company fallen into?

Encrypted Cloud Storage Mistakes

1. Allowing Others to Control and Access Stored Data
Whether they do so knowingly or naively, by using a provider to encrypt data and manage encryption keys, enterprises are enabling that provider (and his employees) to access and control their data. Being that most enterprises are encrypting data that is sensitive or regulated, losing control of the encryption keys is one of the biggest, and most common mistakes.

By using split key encryption and homomorphic key management with their encrypted cloud storage, enterprises can enjoy the benefits of the cloud without compromising security.

2. Neglecting Disaster Recovery
When migrating data to the cloud, enterprises must be aware of their disaster recovery options should a failure occur. Many companies take it for granted that data stored in the cloud will always be available, but this is not always so.

If the cloud provider's data center experiences a technical failure or a natural disaster, data can become unavailable. There have actually been several such actual cases so this is no theory but a practical problem.

Take steps to ensure the right data is replicated or backed up. Today's cloud technology allows you to run replicas on physically remote data centers, achieving truly strong disaster recover capabilities at low cost. Replicated systems must also be encrypted, using the same self-controlled key management systems mentioned above. Also, go through a disaster recovery simulation to make sure that disasters are not detrimental to your enterprise.

3. Extending Compliance to Encrypted Cloud Storage
Companies in regulated industries like healthcare, financial, or legal, have an obligation to protect sensitive data, which authorities take quite seriously. This obligation is not lessened in the cloud. When using encrypted cloud storage, regulations are more easily met, which is actually one of the benefits of encryption. However, controlling the encryption keys is essential for achieving full compliance and "safe harbor" - make sure you own your encryption keys.

4. Overlooking Access Controls
Most enterprises understand the need to limit the access to certain data to individuals or role types. However, when data is stored in the cloud, those access controls need to be maintained (or replicated). If IT personnel, for example, do not have access to salary data of the entire company, it does not make sense to grant them access to the same information once it is stored in the cloud.

There are many things enterprises can do wrong: there are public relations scandals and advertising nightmares, but when it comes to information security, there is little room for error. Data is the lifeline of business and protecting it, on premise and in the cloud, is a responsibility that cannot be taken lightly.

Migrating to the cloud has many benefits. Encrypted cloud storage is a useful innovation, but to use it correctly, control must be ensured, "safe harbor" regulations taken into account, and disasters must be avoided and planned for.

The post Encrypted Cloud Storage: How Enterprises Are Doing it Wrong appeared first on Porticor Cloud Security.

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.

Latest Stories
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Pulzze Systems was happy to participate in such a premier event and thankful to be receiving the winning investment and global network support from G-Startup Worldwide. It is an exciting time for Pulzze to showcase the effectiveness of innovative technologies and enable them to make the world smarter and better. The reputable contest is held to identify promising startups around the globe that are assured to change the world through their innovative products and disruptive technologies. There w...
Is the ongoing quest for agility in the data center forcing you to evaluate how to be a part of infrastructure automation efforts? As organizations evolve toward bimodal IT operations, they are embracing new service delivery models and leveraging virtualization to increase infrastructure agility. Therefore, the network must evolve in parallel to become equally agile. Read this essential piece of Gartner research for recommendations on achieving greater agility.
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
To leverage Continuous Delivery, enterprises must consider impacts that span functional silos, as well as applications that touch older, slower moving components. Managing the many dependencies can cause slowdowns. See how to achieve continuous delivery in the enterprise.
Enterprises have forever faced challenges surrounding the sharing of their intellectual property. Emerging cloud adoption has made it more compelling for enterprises to digitize their content, making them available over a wide variety of devices across the Internet. In his session at 19th Cloud Expo, Santosh Ahuja, Director of Architecture at Impiger Technologies, will introduce various mechanisms provided by cloud service providers today to manage and share digital content in a secure manner....
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
Akana has announced the availability of version 8 of its API Management solution. The Akana Platform provides an end-to-end API Management solution for designing, implementing, securing, managing, monitoring, and publishing APIs. It is available as a SaaS platform, on-premises, and as a hybrid deployment. Version 8 introduces a lot of new functionality, all aimed at offering customers the richest API Management capabilities in a way that is easier than ever for API and app developers to use.
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abil...