Cloud security and web application security demand technology and practices that protect applications and data hosted remotely. Good old-fashioned data encryption is chief among these. The reasons for encrypting cloud data, of course, are privacy, security and regulatory compliance — all standard for any successful enterprise. At the bottom of all this is the idea of being intentional about encryption, knowing the standards you need to meet and the specifics of your group’s needs. Make sure you’re seeing the whole picture with our guide.

Encryption basics are, well, basic. The process scrambles data, transforming it into ciphertext until someone applies the keys, turning it back into readable or usable data. But that’s the simplest step.

Encrypting sensitive cloud data is like safeguarding cash at a bank. You want to control who has access to the vault, and also control who has access to the code that opens the vault. Properly encrypted data in the cloud can be even more secure than keeping it locally.

Regulations Demand Strong Encryption

Specific regulations protect different kinds of data, depending on whether it’s medical, financial or consumer data. The first step on your compliance journey is to know which regulations cover what data. From there, you can learn how to encrypt and manage that data.

Compliance rules can guide encryption in several ways. For example, data may need to be fully or only partially invisible to, say, customers or specific groups of employees. Part of a credit card number or social security number may need to be visible depending on who is looking the number up.

What Type of Cloud Security Encryption Do You Need?

How do you know what type of encryption to use for the cloud security you need? While there are many encryption types, products and services out there, there are two broad ways to encrypt data. The first, a symmetric algorithm or secret key algorithm, uses the same key for both encryption and decryption. This method is faster, and may be better for the bulk processing of data that isn’t very sensitive. But it’s also less secure, since anyone with the key can decrypt.

The second method, an asymmetric algorithm, involves one public and one private key. The public key is for sharing; the private key should be kept secret. Using this together with private key encryption is, of course, the most secure.

When it comes to how to apply this to your business, you should encrypt cloud data while transferring it (from cloud to user and from cloud to cloud), and while storing it. Major cloud providers offer data-at-rest encryption, usually using the vendor’s own tools. And third-party companies also offer encryption services for this data.

HTTPS encryption protects most data in transit. But for truly sensitive data, you may want additional encryption.

Cloud Security Challenges…

Not all data moving in the cloud should be encrypted. But it’s a good cloud security best practice to encrypt personal information, company secrets and work under copyright. Basically, encrypt any data essential to the functioning of the business.

Some challenges stem from this. For example, creating the right encryption service architecture involves making sure only the right people at the right time can access the data. In addition, complex hybrid cloud environments can be a challenge simply because they’re so involved. Architectural differences for cloud encryption — including storage-level, application-level, file-system-based and agent-based — make this more complex as well.

… and Benefits

Encryption by itself cannot secure data. It must be combined with good practices. Here are some tips on how to leverage good cloud security through encryption.

The most important of these is sound key management. Use a key management system that works with the tools you have. Your encryption key management needs to be compatible and flexible. If you lose the keys to encrypted data that has not been backed up, you’ve destroyed that data.

Make sure key backups are kept offsite and are subject to audits on a regular schedule. Like passwords, you should change or refresh your encryption keys from time to time. Use multi-factor authentication for both the master and recovery keys.

Create a cloud encryption policy that specifies what data will be encrypted, where it will reside and who will hold the encryption keys. Also, specify how this policy helps you abide by regulations.
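As an added illustration (not part of the original article), the Python example below audits a key inventory against the practices listed above: offsite and regularly audited backups, periodic rotation, multi-factor authentication on master and recovery keys, and a policy that names who holds each key. The record fields, the 365-day and 90-day thresholds, and every name in the sample data are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Assumed thresholds; the article only says "from time to time" and "regular schedule".
MAX_KEY_AGE_DAYS = 365
MAX_AUDIT_GAP_DAYS = 90

@dataclass
class KeyRecord:
    key_id: str
    role: str                      # "master", "recovery" or "data"
    dataset: str                   # data the key protects
    holder: str                    # team that holds the key
    created: date
    backup_site: str               # "offsite", "onsite" or "none"
    backup_audited: Optional[date]
    mfa: bool

def audit_key(rec, policy, today):
    """Return the list of policy findings for one key record."""
    findings = []
    if (today - rec.created).days > MAX_KEY_AGE_DAYS:
        findings.append("rotation overdue")
    if rec.backup_site != "offsite":
        findings.append("no offsite backup")
    elif rec.backup_audited is None or (today - rec.backup_audited).days > MAX_AUDIT_GAP_DAYS:
        findings.append("backup audit overdue")
    if rec.role in ("master", "recovery") and not rec.mfa:
        findings.append("MFA missing")
    if policy.get(rec.dataset, {}).get("key_holder") != rec.holder:
        findings.append("holder not named in policy")
    return findings

def audit_inventory(keys, policy, today):
    """Map key_id -> findings, plus policy datasets that have no key at all."""
    report = {k.key_id: audit_key(k, policy, today) for k in keys}
    covered = {k.dataset for k in keys}
    report["unprotected"] = sorted(d for d in policy if d not in covered)
    return report

# Constructed policy and inventory, for illustration only.
POLICY = {"billing": {"key_holder": "secops"}, "hr-records": {"key_holder": "secops"},
          "source-code": {"key_holder": "platform"}}
KEYS = [
    KeyRecord("k-master", "master", "billing", "secops", date(2024, 1, 10), "offsite", date(2024, 5, 1), True),
    KeyRecord("k-recovery", "recovery", "billing", "secops", date(2024, 1, 10), "onsite", None, False),
    KeyRecord("k-hr", "data", "hr-records", "vendor", date(2022, 3, 1), "offsite", date(2023, 1, 5), True),
]
REPORT = audit_inventory(KEYS, POLICY, today=date(2024, 6, 1))
```

An empty findings list means the key meets every check; the "unprotected" entry lists datasets the policy covers but for which no key is on record.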

Mistakes happen, but there are ways to avoid them. For example, it’s fairly common to rely on low-level encryption, such as file encryption, for sensitive data. That may not be enough. Make sure you size the encryption strength right for the importance of the data. Another common error is to assume that meeting regulatory compliance guarantees your data will be secure. That’s not always the case.

Being intentional in cloud encryption means covering all the bases with sound policies. That includes good key management, and choosing solutions and practices that assure your data is private, secure, and stored according to regulations. Doing this in a sustainable and manageable way means you’re getting the best out of encryption when it comes to cloud security.
