The last few years have seen innovations in cloud technology that enable even the most privacy- and compliance-conscious enterprises to make use of cloud computing, allowing organizations to reap the financial and operational benefits of the cloud without sacrificing data security or regulatory compliance. Among those innovations, cloud encryption gateways stand out for several reasons. If you’re not sure exactly what a cloud encryption gateway is or why it matters, read this primer to get up to speed.
What is a cloud encryption gateway?
Cloud encryption gateways provide cloud security proxy (typically at the application level), which performs encryption, tokenization or both on an item-by-item basis as data flows through the proxy. The obfuscated (encrypted or tokenized) data can then be stored in a cloud-based software-as-a-service (SaaS) application, such as salesforce.com. Cloud encryption gateways typically provide a choice of various encryption and tokenization algorithms, depending on the strength of protection required and how much format preservation is necessary (for example, to preserve sorting).
Simply put, a cloud encryption gateway discovers sensitive data before it leaves the enterprise perimeter and applies the appropriate protections to the data based on enterprise data security and compliance policies.
What are the benefits of cloud encryption gateways?
Cloud encryption gateways have several unique benefits. Unlike encryption solutions that start at the cloud service provider (CSP), gateways can provide persistent encryption that protects data in transit to the cloud, at rest in the cloud, and while in use within cloud applications while preserving cloud application functionality. Cloud encryption gateways are typically discrete appliances, and include multiple functions—discovery, encryption, tokenization, activity monitoring, DLP enforcement, and malware detection, and can be integrated into existing enterprise infrastructures.
Cloud encryption gateways are of particular use to enterprises that have adopted more than one CSP. The best cloud encryption gateways provide easy integration with multiple cloud applications and provide a way to unify data protection strategy across all CSPs. Instead of having to deal with multiple cloud encryption schemes and monitoring, visibility, and DLP enforcement tools, enterprises with multi-cloud deployments can unify all their cloud information protection needs in one solution, streamlining data security and making it easier to control for compliance and privacy.
Finally, cloud encryption gateways solve the pressing issue of encryption key access by enabling enterprises to retain exclusive control of their encryption keys. Tightly controlled encryption key access is critical to true cloud data security, since it prevents data access in the clear by unauthorized third parties. It is also a requirement of data privacy regulations like PCI DSS. With a cloud encryption gateway, neither the CSPs nor the encryption providers will have access to the encryption keys.
Cloud technology is transforming business. With cloud computing, particularly public cloud computing, organizations can enjoy unprecedented levels of agility, flexibility, and scalability at prices dramatically lowered thanks to the economies of scale of CSPs. However, security has always been a concern when it comes to the cloud. Cloud encryption gateways address that concern and empower enterprises to make full use of the cloud while still maintaining full confidence in the privacy and integrity of their sensitive data.
- On-Demand webinar – “Cloud Encryption 101: Understanding the Basics“. Listen in and learn about: How cloud encryption technologies work; Case studies on how and why organizations are using these technologies, plus a demo of cloud encryption technologies in action!
- Free eBook/evaluation guide: “What You Need to Know About Cloud Information Protection Solutions” – Let’s face it – many of us are skeptical about the security of our information in the Cloud.
This evaluation guide includes a handy “report card” and 5 critically important business and technical considerations you will want to understand.
- Blog post – “Cloud Information Protection: Asymmetric vs. Symmetric Encryption”
Is your organization considering a cloud encryption gateway? Tell us why, or why not, in the comments.