A guide to cloud encryption and tokenization
by Bob West - Chief Trust Officer, CipherCloud - Tuesday, 22 April 2014.
Cloud adoption shows every sign of continuing to grow. The sharing of resources helps businesses achieve savings and agility based on economies of scale, but there’s a problem: cloud computing can also be an attractive target for cyber thieves.

Businesses using the cloud are now increasingly looking to security experts for help on how to protect their data against unwanted intrusion. With Edward Snowden’s continuing revelations on government spying, and a string of headline-grabbing incidents like the recent Heartbleed security vulnerability, many are calling 2014 the year of encryption.

To achieve the best cloud information protection strategy, enterprises must understand what information they use to run their business and what sensitive data needs protection in the cloud. Businesses migrating to the cloud are being advised to lock down any sensitive data before it leaves their premises, which is why more companies are deploying encryption.

To encrypt or not to encrypt

U.S. cloud providers like Google and Microsoft have been upgrading their server encryption levels. This reinforces the relevance of encrypting sensitive data in the cloud for security and privacy compliance worldwide.

Another factor to consider is that only a small percentage of a company’s data needs to leverage this technology. A pragmatic approach is to encrypt the sensitive data, such as personally identifiable information or research and development materials, that could damage the company’s or its customers’ reputation in the event of a breach. Not all data needs to be encrypted in the same way, either. Additionally, for functionality’s sake, information such as credit card numbers may need its format preserved in ways that address information does not.

But is encryption enough to protect private data? To answer that question, it’s vital to understand the encryption methods and know how they work together to keep data protected against unwanted intrusion.

Symmetric and asymmetric encryption

Most secure online transactions rely on asymmetric encryption to encrypt the tunnels as data moves across servers. This is used by online banking or shopping sites to secure the credit card details entered on the transaction page. It relies on a pair of keys – a public one, used to encrypt the data, and a private one, used to decrypt the data.

Yahoo! joined Google and Microsoft in upgrading HTTPS, the encryption standard used to protect these tunnels, from RSA 1024-bit to 2048-bit. This upgrade fortifies the transport layer to protect the network environment.

As a complement, symmetric encryption, which relies on one key, provides data-centric protection and typically encrypts the information before it goes to the cloud. Using the industry standard of AES 256-bit, symmetric encryption scrambles the data and gives the keys to the enterprise. This enables enterprises to tighten control over access to the encrypted information.
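The data-centric approach described above, as an added example (not code from the article or from any vendor): only the fields treated as sensitive are encrypted with AES-256 before the record leaves the premises, and the key stays with the enterprise. The GCM mode, the field names, the sample record and the `enc:` prefix are assumptions made for illustration.

```javascript
const { createCipheriv, createDecipheriv, randomBytes } = require("node:crypto");

// Assumption: these field names are the sensitive subset for this record type.
const SENSITIVE_FIELDS = ["ssn", "card_number"];

// Encrypt one field. The field name is bound as AAD so a ciphertext
// cannot be moved to a different field without failing authentication.
function encryptField(key, name, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(name, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  // Stored layout: iv (12 bytes) | auth tag (16 bytes) | ciphertext
  return "enc:" + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

function decryptField(key, name, token) {
  const raw = Buffer.from(token.slice(4), "base64");
  const decipher = createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, "utf8"));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key, field name or ciphertext does not match.
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString("utf8");
}

// Return a copy of the record that can be sent to the cloud provider:
// sensitive fields are ciphertext, everything else stays usable in the clear.
function protectRecord(key, record) {
  const out = {};
  for (const [k, v] of Object.entries(record)) {
    out[k] = SENSITIVE_FIELDS.includes(k) ? encryptField(key, k, String(v)) : v;
  }
  return out;
}

// Reverse the transformation on premises, where the key is available.
function restoreRecord(key, record) {
  const out = {};
  for (const [k, v] of Object.entries(record)) {
    out[k] = SENSITIVE_FIELDS.includes(k) ? decryptField(key, k, v) : v;
  }
  return out;
}

// Constructed sample data; the random key stands in for one held in an
// enterprise-controlled key store and never sent to the provider.
const key = randomBytes(32);
const record = { name: "A. Example", city: "Leeds", ssn: "000-00-0000", card_number: "4111111111111111" };
const uploaded = protectRecord(key, record);
console.log(uploaded, restoreRecord(key, uploaded));
```

Because the ciphertext no longer looks like the original value, a field such as a card number loses its format here, which is the case the article singles out as needing format preservation.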

Among the factors that influence a company’s decision on how to encrypt its data are the privacy regulations it must follow and the levels of control it wants in order to meet internal security and privacy policies. Faced with a valid legal order from a government to decrypt and surrender internal data, enterprises must comply with this request. However, this process is still transparent and does not cede decision-making to a third party.

Cloud encryption best practices

As with any technology, there are common concerns and best practices to follow when securing data with encryption. The first pitfall is whether a business is using strong enough encryption – especially in light of recent security issues.

