Cloud computing has come a long way in the last few years. Most organizations have adopted the cloud to some degree, and SaaS in particular looks set to continue its growth. The cloud’s benefits can’t be denied, after all. And security tools like cloud encryption and tokenization can help make it a safe place—in some cases, safer than enterprise networks themselves, since there are more total breaches inside enterprise networks than in the cloud. Without those tools, though, your data’s about as safe as an unguarded stagecoach in the Wild West. See the cool infographic “Eight Everyday Things Encryption Protects” and you’ll get the picture even quicker!
Data breaches are everywhere. In the first half of 2012, 189 data breaches exposed about 13.73 million records. And the number of data breaches continues to grow. In recent news, Adobe had both customer and source code stolen from its systems, in what GigaOm is saying “may be the biggest compromise of a software vendor’s security” in the last two years. Zendesk was breached this year; so were Evernote, LexisNexis, Dunn & Bradstreet, and Altegrity’s Kroll Background America. Without cloud encryption and other protections in place, your data, like the data of those providers’ customers, is vulnerable.
The key challenge lies in trust. Ideally, an organization should be able to trust both its cloud providers and its own employees to adhere to data security best practices. We don’t live in an ideal world, though. In multi-tenant environments, flaws in one tenant’s environment could introduce vulnerabilities in others. Employees, meanwhile, make mistakes, circumventing corporate cloud use policies for the sake of convenience. And hackers may be either looking for an opening into your environment, or already inside. The ugly truth is that many factors work against your enterprise’s need for data privacy in the cloud.
Feel-Good Stories: Successes in Cloud Encryption and Protection
- CipherCloud for Microsoft Exchange and Office 365: A leading provider of credit card rewards programs wanted to move business-critical IT functions to the cloud. PCI and regional privacy laws posed challenges, however. The customer deployed CipherCloud in its virtual AWS environment. Doing so dramatically reduced the customer’s email infrastructure costs and freed up IT resources, two major benefits of the cloud. At the same time, CipherCloud’s cloud encryption and tokenization made the customer’s data more secure in the cloud than in the customer’s old in-house email infrastructure. Now that’s a win-win situation.
- CipherCloud for Box: A major financial services vendor wanted to enable collaboration on Box, but faced concerns with respect to regulations around residency and privacy of sensitive data. To address those concerns, the customer deployed CipherCloud for Box. In addition to the persistent cloud encryption of all data bound for Box, the CipherCloud deployment gave the customer integration with third-party DLP solutions and scanning and visibility capabilities to monitor Box usage and detect policy violations. The sensitivity of this customer’s data meant that nothing less than CipherCloud’s comprehensive cloud information protection would do.
- CipherCloud for Salesforce: One of Canada’s top banks wanted to develop a cloud-based banking CRM system. Complicating the project were both PIPEDA privacy laws and potential data disclosures forced by the U.S. Patriot Act. CipherCloud provided a cloud encryption platform tailored for Salesforce. The platform provides AES 256 encryption while preserving Salesforce’s usability. This allowed the customer to maintain compliance while driving the application’s adoption to 100% within its user base in the company.
These success stories, as well as the many others under CipherCloud’s belt, demonstrate the power of an effective cloud information protection program. The cloud is here to stay, but so are the risks it brings to an enterprise’s data privacy. The best way to mitigate those risks and take advantage of the cloud’s benefits is through a comprehensive cloud encryption, tokenization, and DLP strategy. Only CipherCloud offers that strategy while giving enterprises full control of their encryption keys and preserving the functionality of IT’s leading cloud applications.
Relevant Helpful Resources
- On-Demand webinar – “Cloud Encryption 101: Understanding the Basics“. Listen in and learn about: How cloud encryption technologies work; Case studies on how and why organizations are using these technologies, plus a demo of cloud encryption technologies in action!
- Free eBook/evaluation guide: “What You Need to Know About Cloud Information Protection Solutions” – Let’s face it – many of us are skeptical about the security of our information in the Cloud.
This evaluation guide includes a handy “report card” and 5 critically important business and technical considerations you will want to understand.
- Blog post – “Cloud Information Protection: Asymmetric vs. Symmetric Encryption”
How does your organization plan to prevent data breaches in the cloud? Let us know in the comments.