Businesses looking to move data and applications to the cloud are faced with a number of trust-related security challenges. Consequently, cloud adoption is hindered by a complex conundrum: how do you guarantee trust in data when you don’t trust the cloud?
If businesses are going to resolve this issue, they will need to address the three main areas of security concern: protecting data, controlling access to critical information and ensuring compliance.
• Encryption, encryption, encryption!
Encryption is the most effective way to protect information in the cloud. Not only does it separate your data from that of other tenants in any shared cloud environment, it also secures data both in transit and at rest. Encrypted data is also of little or no use to cyber criminals as long as they do not have access to the decryption keys. This significantly reduces the potential damage done by data leakage and minimises security risk for both businesses and their customers.
• Secure data as it progresses
Today, information has to be available anywhere and on any device. To achieve this, enterprises need to ensure that data is secured at every stage: from the moment it is generated, through each point of access, to the communication exchange itself. To ensure maximum data security, additional layers of encryption should therefore be applied to the virtual machines and storage volumes, as well as to the processing layer of data exchange.
• Know who’s accessing critical information, and when and how they’re doing it
The cloud environment is shared by multiple users, which makes it difficult to control access to sensitive information and ensure separation of duties. Cloud security therefore requires a strong authentication and access management strategy that enables organisations to control who is accessing critical information, as well as how and when.
This could be achieved through multi-factor authentication and a centralised decryption key management policy, under which an effective key release policy controls who is able to view encrypted data.
• Store the decryption keys outside the cloud environment
For additional security, enterprises should consider storing the decryption keys outside the virtual environment, in an on-premise hardware repository that cannot be accessed by unauthorised users. This will limit the potential damage of a security breach and will also guarantee that encrypted data is of little or no use to cyber criminals.
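The key release policy and the out-of-cloud key store described above can be sketched as follows. This is an added example, not code from the author or from any SafeNet product; the `KeyBroker` class, the policy fields and the key name `finance-db-key` are all hypothetical, and an HMAC derivation stands in for a key held in on-premise hardware.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time, timezone

# Constructed policy: who may obtain which key, how (MFA) and when (hours, UTC).
POLICY = {
    "finance-db-key": {"roles": {"finance-app"}, "require_mfa": True,
                       "hours": (time(7, 0), time(19, 0))},
}

@dataclass
class Request:
    principal: str       # who is asking
    role: str
    key_id: str
    mfa_verified: bool   # how they authenticated
    when: datetime       # when they asked

class KeyBroker:
    """Hypothetical on-premise service; the cloud side holds only ciphertext."""

    def __init__(self, master_key: bytes):
        self._master = master_key   # never leaves the broker
        self.audit = []             # (timestamp, principal, key_id, outcome)

    def release(self, req: Request):
        """Return the key only if policy allows; record every decision."""
        reason = self._deny_reason(POLICY.get(req.key_id), req)
        self.audit.append((req.when.isoformat(), req.principal,
                           req.key_id, reason or "released"))
        if reason:
            return None
        # Assumption: per-key derivation replaces a lookup in a hardware store.
        return hmac.new(self._master, req.key_id.encode(), hashlib.sha256).digest()

    @staticmethod
    def _deny_reason(rule, req):
        if rule is None:
            return "unknown key"            # default deny
        if req.role not in rule["roles"]:
            return "role not authorised"
        if rule["require_mfa"] and not req.mfa_verified:
            return "mfa missing"
        start, end = rule["hours"]
        if not start <= req.when.time() <= end:
            return "outside permitted hours"
        return None
```

Because every request is appended to `audit` whether or not a key is released, the same record answers who asked for critical information, when, and how they authenticated.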
Mike Smart, product and solutions director, SafeNet