The surge in data breaches and cyber attacks over the past two years has companies increasingly eyeing data security in the cloud. According to the Ponemon Institute’s report, Encryption in the Cloud, published in 2014, 53% of organizations have transferred sensitive or confidential data to the cloud. Yet data encryption rates are relatively low. The same survey reports that roughly half of these companies use data encryption. The cost and complexity of implementing data encryption solutions are often to blame. But with proper planning, implementing a solid data encryption initiative is possible. HOSTING shows you how to get started.
Data encryption challenges
While the low number of companies encrypting their data may be surprising, it’s certainly understandable. Unless an organization engages with a cloud service provider (CSP) that is experienced in designing and implementing cloud security solutions, data security controls can be challenging for the organization to implement on its own.
In addition, organizations may be in a quandary over encryption key management. While some companies are adamant about retaining custodianship of the keys and access policies, there may be times when the CSP requires access to enterprise data. For example, the CSP may also be tasked with monitoring a customer’s environment.
Despite these challenges, data encryption enables organizations to build a strong security posture. And in some cases, such as when adhering to compliance regulations mandated by HIPAA/HITECH and PCI DSS, data encryption is required. Fortunately, with a little planning and support from an experienced CSP, data encryption can be manageable.
Planning for data encryption
Mark Twain once said, “Eat a live frog first thing in the morning and nothing worse will happen to you the rest of the day.” While his statement provides an unappetizing visual, we get his point. Tackle the hardest problem on your plate first. In the case of data encryption, “eat a live frog” means classifying your data and inventorying your services in order to determine the following:
- Where an organization’s most important data is located
- Who has access to it
- And how it should be handled
Most organizations have a plethora of cloud services in active use. However, not all of those applications process sensitive or confidential information. As a result, not all of them will require data encryption. By classifying data, companies gain clear insight into which applications and environments process data that needs encryption.
The next step is to evaluate data usage, decide whether to encrypt the data, and determine how to implement data encryption. Keep in mind that, depending on the cloud model(s) it uses, an organization may need to leverage different encryption tools. For example, encrypting data in a Software as a Service (SaaS) application can be very different from encrypting a database within a Platform as a Service (PaaS) or a large amount of data stored in an Infrastructure as a Service (IaaS) environment. A qualified CSP can review the tools available and guide organizations in selecting the ones that best fit their needs.
Planning for and implementing data encryption may seem daunting. However, proper data encryption not only safeguards business-critical data, it can also offer a competitive advantage. Companies with strong data encryption policies can transact securely at any time and from any place, allowing them to serve new customer segments or territories. HOSTING offers data encryption services that safeguard business-critical data at rest, in transit and on mobile devices. Contact HOSTING to learn more. And check out our on-demand webinar, How to Spend Your Cloud Security Dollar, for expert insights on how to invest smartly in cloud security.