TMCnet Feature Free eNews Subscription
August 27, 2014

Encrypted Cloud Storage: How Enterprises Are Doing it Wrong

By TMCnet Special Guest
Gilad Parrann Nissany, CEO and co-Founder Porticor

Encrypting cloud storage is now in the mainstream, the accepted best practice and a business imperative. Across the world and all industries, enterprises need to encrypt cloud data to stay compliant, safe and competitive.

There are several offerings of encrypted cloud storage for enterprises. And yet, many enterprises are still doing it wrong.

Which of these pitfalls has your company fallen into?

Encrypted Cloud Storage Mistakes

1.      Allowing Others to Control and Access Stored Data

Whether they do so knowingly or naively, by using a provider to encrypt data and manage encryption keys, enterprises are enabling that provider (and his employees) to access and control their data. Being that most enterprises are encrypting data that is sensitive or regulated, losing control of the encryption keys is one of the biggest, and most common mistakes.



By using split key encryption and homomorphic key management with their encrypted cloud storage, enterprises can enjoy the benefits of the cloud without compromising security.

2.      Neglecting Disaster Recovery

When migrating data to the cloud, enterprises must be aware of their disaster recovery options should a failure occur. Many companies take it for granted that data stored in the cloud will always be available, but this is not always so.

If the cloud provider’s data center experiences a technical failure or a natural disaster, data can become unavailable. There have actually been several such actual cases so this is no theory but a practical problem.

Take steps to ensure the right data is replicated or backed up. Today’s cloud technology allows you to run replicas on physically remote data centers, achieving truly strong disaster recover capabilities at low cost.  Replicated systems must also be encrypted, using the same self-controlled key management systems mentioned above. Also, go through a disaster recovery simulation to make sure that disasters are not detrimental to your enterprise.

3.      Extending Compliance to Encrypted Cloud Storage

Companies in regulated industries like healthcare, financial, or legal, have an obligation to protect sensitive data, which authorities take quite seriously. This obligation is not lessened in the cloud. When using encrypted cloud storage, regulations are more easily met, which is actually one of the benefits of encryption. However, controlling the encryption keys is essential for achieving full compliance and “safe harbor” – make sure you own your encryption keys.

4.      Overlooking Access Controls

Most enterprises understand the need to limit the access to certain data to individuals or role types. However, when data is stored in the cloud, those access controls need to be maintained (or replicated). If IT personnel, for example, do not have access to salary data of the entire company, it does not make sense to grant them access to the same information once it is stored in the cloud.

There are many things enterprises can do wrong: there are public relations scandals and advertising nightmares, but when it comes to information security, there is little room for error. Data is the lifeline of business and protecting it, on premise and in the cloud, is a responsibility that cannot be taken lightly.

Migrating to the cloud has many benefits. Encrypted cloud storage is a useful innovation, but to use it correctly, control must be ensured, “safe harbor” regulations taken into account, and disasters must be avoided and planned for.




Edited by Maurice Nagle
» More TMCnet Feature Articles
Get stories like this delivered straight to your inbox. [Free eNews Subscription]
SHARE THIS ARTICLE

LATEST TMCNET ARTICLES

» More TMCnet Feature Articles