June 2, 2021 By Mike Elgan 3 min read

Cloud security and web application security demand technology and practices that protect applications and data hosted remotely. Good old-fashioned data encryption is chief among these. The reasons for encrypting cloud data, of course, are privacy, security and regulatory compliance — all standard for any successful enterprise. At the bottom of all this is the idea of being intentional about encryption, knowing the standards you need to meet and the specifics of your group’s needs. Make sure you’re seeing the whole picture with our guide.

Encryption basics are, well, basic. The process scrambles data, transforming it into ciphertext until someone applies keys, turning it back into readable or usable data. But that’s the simplest step.

Encrypting sensitive cloud data is like safeguarding cash at a bank. You want to control who has access to the vault, and also control who has access to the code that opens the vault. Properly encrypted data in the cloud can be even more secure than keeping it locally.

Regulations Demand Strong Encryption

Specific regulations protect different kinds of data, depending on whether it’s medical, financial or consumer data. The first step on your compliance journey is to know which regulations cover what data. From there, you can learn how to encrypt and manage that data.

Compliance rules can guide encryption in several ways. For example, data may need to be fully or only partially invisible to, say, customers or specific groups of employees. Part of a credit card number or social security number may need to be visible depending on who is looking the number up.

What Type of Cloud Security Encryption Do You Need?

How do you know what type of encryption to use for the cloud security you need? While there are many encryption types, products and services out there, there are two broad ways to encrypt data. The first, a symmetric algorithm or secret key algorithm, uses the same keys for both encryption and decryption. This method is faster, and may be better for the bulk processing of data that isn’t very sensitive. But it’s also less secure, since anyone with the keys can decrypt.

The second method, an asymmetric algorithm, involves one public and one private key. The public key is for sharing; the private key should be kept secret. Using this and private key encryption at the same time is, of course, the most secure.

When it comes to how to apply this to your business, you should encrypt cloud data while transferring it (from cloud to user and from cloud to cloud), and while storing it. Major cloud providers offer data-at-rest encryption, usually using the vendor’s own tools. And third-party companies also offer encryption services for this data.

HTTPS encryption protects most data in transit. But for truly sensitive data, you may want additional encryption.

Cloud Security Challenges…

Not all data moving in the cloud should be encrypted. But it’s a good cloud security best practice to encrypt personal information, company secrets and work under copyright. Basically, encrypt any data essential to the functioning of the business.

Some challenges stem from this. For example, creating the right encryption service architecture involves making sure only the right people at the right time can access the data. In addition, complex hybrid cloud environments can be a challenge simply because they’re so involved. Architectural differences for cloud encryption — including storage-level, application level, file system based and agent based — make this more complex as well.

… and Benefits

Encryption by itself cannot secure data. It must be combined with good practices. Here are some tips on how to leverage good cloud security through encryption.

The most important of these is sound key management. Use a key management system that works with the tools you have. Your encryption key management needs to be compatible and flexible. If you lose the keys to encrypted data that has not been backed up, you’ve destroyed that data.

Make sure key backups are kept offsite and are subject to audits on a regular schedule. Like passwords, you should change or refresh your encryption keys from time to time. Use multi-factor authentication for both the master and recovery keys.
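One common way to use symmetric and asymmetric encryption together, and to refresh keys without re-encrypting stored data, is envelope encryption; this goes a step beyond what the article spells out. The sketch below is an added example, not code from the original article: it uses Node.js's built-in crypto module, and the names `seal`, `open`, `rotate` and `demo` and the sample record are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// RSA-OAEP (SHA-256) settings used to wrap and unwrap the small data key.
const oaep = (key) => ({ key, padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });
const wrap = (publicKey, dataKey) => nodeCrypto.publicEncrypt(oaep(publicKey), dataKey);
const unwrap = (privateKey, wrapped) => nodeCrypto.privateDecrypt(oaep(privateKey), wrapped);

// Encrypt the record with a fresh AES-256-GCM data key (symmetric, fast for bulk
// data), then wrap that data key with the key holder's public key (asymmetric).
function seal(publicKey, plaintext) {
  const dataKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { wrappedKey: wrap(publicKey, dataKey), iv, ciphertext, tag: cipher.getAuthTag() };
}

// Unwrap the data key with the private key, then decrypt and authenticate.
// Throws if the private key is the wrong one or the ciphertext was modified.
function open(privateKey, env) {
  const dataKey = unwrap(privateKey, env.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', dataKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// Key rotation: only the wrapped data key is re-encrypted under the new key pair;
// the bulk ciphertext is left exactly as stored.
function rotate(oldPrivateKey, newPublicKey, env) {
  return { ...env, wrappedKey: wrap(newPublicKey, unwrap(oldPrivateKey, env.wrappedKey)) };
}

// Constructed sample data and freshly generated throwaway key pairs.
function demo() {
  const gen = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const oldPair = gen();
  const newPair = gen();
  const env = seal(oldPair.publicKey, Buffer.from('constructed sample record: card ending 1111'));
  const rotated = rotate(oldPair.privateKey, newPair.publicKey, env);
  let oldKeyStillWorks = true;
  try { open(oldPair.privateKey, rotated); } catch { oldKeyStillWorks = false; }
  return {
    roundTrip: open(newPair.privateKey, rotated).toString(),
    sameCiphertext: rotated.ciphertext.equals(env.ciphertext),
    oldKeyStillWorks,
  };
}
```

After rotation the old private key can no longer open the record, which is also why a lost key with no backup means lost data.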

Create a cloud encryption policy that specifies what data will be encrypted, where it will reside and who will hold the encryption keys. Also, specify how this policy helps you abide by regulations.

Mistakes happen, but there are ways to avoid them. For example, it’s fairly common to rely on low-level encryption, such as file encryption, for sensitive data. That may not be enough. Make sure you size the encryption strength right for the importance of the data. Another common error is to assume that meeting regulatory compliance guarantees your data will be secure. That’s not always the case.

Being intentional in cloud encryption means covering all the bases with sound policies. That includes good key management, and choosing solutions and practices that assure your data is private, secure, and stored according to regulations. Doing this in a sustainable and manageable way means you’re getting the best out of encryption when it comes to cloud security.
