Encryption and Key Management Recognised by the ICO as Requirements for Protecting Privacy in the Cloud
LONDON, UK, October 3, 2012 -- CipherCloud, the leader in cloud encryption, today announced UK government and business organisations can now meet ICO (Information Commisioners Office) requirements for using the cloud under the UK Data Protection Act. The ICO guidance specifies that encryption "allows a cloud customer to ensure that the personal data they are responsible for can only be accessed by authorised parties." The guidance follows previous ENISA (European Network and Information Security Agency) findings that an organisation "can outsource responsibility but you can't outsource accountability." Organisations failing to protect private data can be fined up to £500,000 per incident by the ICO. Following the ICO guidance, businesses and governments can use CipherCloud encryption gateways to easily secure data in real-time and preserve functionality for users across desktop, web, and mobile applications.
"The ICO guidance is a reminder for everyone, from the board through to CISOs, that using the cloud does not shift accountability for protecting personal information," said Paul Simmonds, co-founder of the Jericho Forum and previously CISO at AstraZeneca and ICI. "This guidance reinforces the ICO's long stand position that encryption combined with auditable key management is the most effective way to safeguard personal information. Organisations that are considering moving to the cloud now have a simple and straightforward set of guidance that will help avoid the reputational damage that comes with a data breach, and the subsequent penalties from the ICO.”
CipherCloud's award-winning cloud encryption gateway secures sensitive data in real-time across multiple cloud applications without impacting functionality or performance. In July, CipherCloud was awarded Best Product by the UK-ISSA for its ability to help UK enterprises break the data privacy, residency, security, and compliance barriers to moving to the cloud. The barriers include the EU Data Protection Act and national implementations such as the UK Data Protection Act enforced by the ICO. CipherCloud secures millions of public and private cloud applications including Salesforce, Force.com, Chatter, Gmail, Office 365, and Amazon AWS.
"By clearly specifying the use of encryption to keep sensitive data private and safe, the ICO is helping businesses and government address the demands of complying with the UK Data Protection in the age of cloud computing," said Richard Olver, Regional Director of EMEA at CipherCloud. "The ICO explicitly called out its ability to levy fines and recent penalties as a clear warning that it will penalise organisations not meeting their data privacy responsibilities. CipherCloud's groundbreaking cloud encryption gateway is making it easy for UK and European organisations to meet their data privacy and regulatory obligations in the cloud."
CipherCloud is the market-leading provider of cloud encryption and tokenisation gateways that enable enterprises to securely adopt cloud applications by eliminating concerns about data privacy, residency, security, and regulatory compliance. CipherCloud’s operations-preserving encryption and tokenisation technology secures sensitive information in real time, before it's sent to the cloud, without impacting usability or performance, or requiring any change to the application. The CipherCloud Platform secures multiple cloud applications including Salesforce, Force.com, Chatter, Gmail, Office 365, and Amazon AWS. Based in the San Francisco Bay Area, CipherCloud is backed by premier venture capital firms including Andreessen Horowitz, Index Ventures, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud.