Cloud compliance, data protection top reasons for encryption
Cloud compliance, data protection top reasons for encryption
Date: Apr 23, 2015
Cloud computing has changed many aspects of enterprise operations in recent years, but one thing it should never alter is a company's commitment to data security. The cloud can be a great business resource, but only when proper steps have been taken to ensure that information remains protected.
The most popular way to ensure this security is by using cloud encryption, according to Rich Mogull, founder of Securosis.
"One of the best tools that we have at our disposal to protect our information as it's moving around in the cloud … is encryption," Mogull said during a recent SearchCompliance webcast titled Pragmatic Cloud Encryption.
But in order to use encryption correctly, companies must understand how it benefits their cloud computing model, Mogull explained. The first step is determining how company data is stored in the cloud. This will depend on the cloud provider and whether the cloud computing model is Infrastructure as a Service (IaaS), Platform as a Service, or Software as a Service.
In IaaS, for example, there is physical storage followed by layers of abstraction and management, and then either volume storage or object storage. Mogull describes volume storage as a virtual hard drive, whereas object storage is like "a file system with an API layered on top."
The architecture may change for each cloud computing model, but the need for encryption does not. In part one of this webcast, Mogull discusses the four main reasons for encryption when it comes to IaaS cloud models. The first is to protect snapshots -- these information back-ups become extremely portable once in the cloud and could leave data exposed if not encrypted.
The second reason he gives is to protect against cloud administrators who may be able to see company data. Mogull describes this as a "low risk," but is still a concern for some companies.
The third reason, on the other hand, is one of the most important and obvious reasons for encryption: to achieve compliance. Often, regulations such as HIPAA/HITECH require cloud encryption for a company to be compliant.
Mogull's list of reasons for encryption ends with the discussion of protecting against what he calls "seizure spillage" in IaaS. Since cloud computing has a "shared tenancy" model, company information in the cloud could be exposed if the cloud is seized. Encryption, however, would help protect that information.
Watch part one of this webcast to learn more about the basics of cloud architecture and how encryption is vital to cloud computing security. Then visit SearchCompliance to view part two, where Mogull continues his discussion on pragmatic cloud encryption for the digital age.
Let us know what you think about the story; email Ben Cole, site editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.
The most popular way to ensure this security is by using cloud encryption, according to Rich Mogull, founder of Securosis.
"One of the best tools that we have at our disposal to protect our information as it's moving around in the cloud … is encryption," Mogull said during a recent SearchCompliance webcast titled Pragmatic Cloud Encryption.
But in order to use encryption correctly, companies must understand how it benefits their cloud computing model, Mogull explained. The first step is determining how company data is stored in the cloud. This will depend on the cloud provider and whether the cloud computing model is Infrastructure as a Service (IaaS), Platform as a Service, or Software as a Service.
In IaaS, for example, there is physical storage followed by layers of abstraction and management, and then either volume storage or object storage. Mogull describes volume storage as a virtual hard drive, whereas object storage is like "a file system with an API layered on top."
The architecture may change for each cloud computing model, but the need for encryption does not. In part one of this webcast, Mogull discusses the four main reasons for encryption when it comes to IaaS cloud models. The first is to protect snapshots -- these information back-ups become extremely portable once in the cloud and could leave data exposed if not encrypted.
The second reason he gives is to protect against cloud administrators who may be able to see company data. Mogull describes this as a "low risk," but is still a concern for some companies.
The third reason, on the other hand, is one of the most important and obvious reasons for encryption: to achieve compliance. Often, regulations such as HIPAA/HITECH require cloud encryption for a company to be compliant.
Mogull's list of reasons for encryption ends with the discussion of protecting against what he calls "seizure spillage" in IaaS. Since cloud computing has a "shared tenancy" model, company information in the cloud could be exposed if the cloud is seized. Encryption, however, would help protect that information.
Watch part one of this webcast to learn more about the basics of cloud architecture and how encryption is vital to cloud computing security. Then visit SearchCompliance to view part two, where Mogull continues his discussion on pragmatic cloud encryption for the digital age.
Let us know what you think about the story; email Ben Cole, site editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.
More on Enterprise cloud compliance
How to choose the right volume storage encryption system
VIDEO - In part two of this webcast series, Securosis founder Rich Mogull discusses the main components of an encryption system and options for encrypting volume storage.Five strategies to migrate the e-discovery process to the cloud
VIDEO - Follow this five-step strategy to ensure your e-discovery process and data management capabilities remain intact when moving operations to the cloud.Knowing your exact data needs key to cloud service agreements
VIDEO - Before developing a cloud service agreement, companies must first determine their unique data management and e-discovery-specific requirements.Five key strategies for cloud-based e-discovery management
Tip - In this tip, learn five strategies to ensure cloud-based information governance processes meet organizations' unique e-discovery management needs.Hybrid strategies common as organizations strive for cloud GRC
Tip - The lack of a common framework makes cloud security and compliance a difficult proposition. In this tip, learn best practices to ensure cloud GRC.Cloud computing issues and challenges: The GRC factor
Tip - In our latest #GRCchat, tweet jammers discussed cloud computing issues and challenges and explained how governance, risk and compliance factor in.Cloud-based software: Who is responsible for security in the cloud?
Tip - When it comes to cloud-based software and services, who is responsible for security and compliance in cloud computing? #GRCchat participants weigh in.GRC regulations force cloud services providers and customers to adapt
Tip - As governance, risk and compliance regulations continue to expand, cloud services providers and customers must be willing to adapt their data management and security processes.
Cloud storage prices are flirting with free, and capacity limits are on the rise. Just this past March, Google announced its Cloud Storage Nearline service that costs a penny a month for 1GB of storage. Service providers are dropping prices mainly because they can; technology advances – particularly for data that doesn’t need to be accessed often or quickly – has significantly increased storage efficiency, making it possible for providers to offer next-to-nothing prices. But if enterprises are going to take public cloud storage services seriously, they’ll need more than vast bins of low-priced storage to make it work.