|By Gilad Parann-Nissany||
|September 7, 2014 07:00 PM EDT||
Encrypting cloud storage is now in the mainstream, the accepted best practice and a business imperative. Across the world and all industries, enterprises need to encrypt cloud data to stay compliant, safe and competitive.
There are several offerings of encrypted cloud storage for enterprises. And yet, many enterprises are still doing it wrong.
Which of these pitfalls has your company fallen into?
Encrypted Cloud Storage Mistakes
1. Allowing Others to Control and Access Stored Data
Whether they do so knowingly or naively, by using a provider to encrypt data and manage encryption keys, enterprises are enabling that provider (and his employees) to access and control their data. Being that most enterprises are encrypting data that is sensitive or regulated, losing control of the encryption keys is one of the biggest, and most common mistakes.
By using split key encryption and homomorphic key management with their encrypted cloud storage, enterprises can enjoy the benefits of the cloud without compromising security.
2. Neglecting Disaster Recovery
When migrating data to the cloud, enterprises must be aware of their disaster recovery options should a failure occur. Many companies take it for granted that data stored in the cloud will always be available, but this is not always so.
If the cloud provider's data center experiences a technical failure or a natural disaster, data can become unavailable. There have actually been several such actual cases so this is no theory but a practical problem.
Take steps to ensure the right data is replicated or backed up. Today's cloud technology allows you to run replicas on physically remote data centers, achieving truly strong disaster recover capabilities at low cost. Replicated systems must also be encrypted, using the same self-controlled key management systems mentioned above. Also, go through a disaster recovery simulation to make sure that disasters are not detrimental to your enterprise.
3. Extending Compliance to Encrypted Cloud Storage
Companies in regulated industries like healthcare, financial, or legal, have an obligation to protect sensitive data, which authorities take quite seriously. This obligation is not lessened in the cloud. When using encrypted cloud storage, regulations are more easily met, which is actually one of the benefits of encryption. However, controlling the encryption keys is essential for achieving full compliance and "safe harbor" - make sure you own your encryption keys.
4. Overlooking Access Controls
Most enterprises understand the need to limit the access to certain data to individuals or role types. However, when data is stored in the cloud, those access controls need to be maintained (or replicated). If IT personnel, for example, do not have access to salary data of the entire company, it does not make sense to grant them access to the same information once it is stored in the cloud.
There are many things enterprises can do wrong: there are public relations scandals and advertising nightmares, but when it comes to information security, there is little room for error. Data is the lifeline of business and protecting it, on premise and in the cloud, is a responsibility that cannot be taken lightly.
Migrating to the cloud has many benefits. Encrypted cloud storage is a useful innovation, but to use it correctly, control must be ensured, "safe harbor" regulations taken into account, and disasters must be avoided and planned for.
The post Encrypted Cloud Storage: How Enterprises Are Doing it Wrong appeared first on Porticor Cloud Security.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Sep. 30, 2016 04:45 AM EDT Reads: 4,714
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
Sep. 30, 2016 04:45 AM EDT Reads: 1,401
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
Sep. 30, 2016 04:30 AM EDT Reads: 1,920
Sep. 30, 2016 04:00 AM EDT Reads: 4,880
Sep. 30, 2016 03:45 AM EDT Reads: 2,234
Sep. 30, 2016 03:45 AM EDT Reads: 3,067
Sep. 30, 2016 03:15 AM EDT Reads: 1,747
Sep. 30, 2016 03:00 AM EDT Reads: 1,934
Sep. 30, 2016 03:00 AM EDT Reads: 1,625
Sep. 30, 2016 02:45 AM EDT Reads: 2,432
Sep. 30, 2016 02:15 AM EDT Reads: 1,638
Sep. 30, 2016 02:00 AM EDT Reads: 2,083
Sep. 30, 2016 02:00 AM EDT Reads: 1,388
Sep. 30, 2016 01:45 AM EDT Reads: 2,192
Sep. 30, 2016 01:15 AM EDT Reads: 2,968