Data privacy is a key concern with cloud computing. Can you be sure that the vendor's controls over who may access your data match your own? Most cloud service providers sidestep the question with the assurance 'we don't look at your data.'
Breach notification is a related concern. Cloud service providers may not observe the same data breach notification rules as your business. If breach notification is not explicitly spelled out in your contract, you can find yourself in a bind: you are obligated to notify your customers of a breach, but your cloud provider has no obligation to notify you in the first place.
Traditional encryption methods (encryption in transit using SSL/TLS, encrypted storage) are at best a partial solution to these problems. Many cloud vendors do not offer encryption of data at rest, and even where they do, these methods fall short for several reasons:
1. According to the SANS Institute, a security research and education organization, attacks against web applications make up 60% of the attack attempts observed on the internet. Database encryption fails to protect against such attacks, because data is decrypted before it is handed to the web application; an attacker who compromises the application reads it in the clear.
2. Encrypting data 'at rest' or in storage has a performance cost: data must be decrypted on every read and re-encrypted on every write. Added to the inherent latency of the cloud, this can affect the performance users see at the endpoint. As a result, service providers do not uniformly offer encryption for data at rest.
3. Even when data is encrypted in storage and in transit, it is unencrypted (in the clear) while being processed, which reintroduces all of the concerns about data remanence and residency described above.
4. Who controls the encryption keys? If the keys reside within the cloud vendor's infrastructure, the vendor, and anyone who compromises it, can decrypt the data, so the protection the encryption offers is once again in question.
CipherCloud: A new model for encrypting data in the cloud
Rather than relying on cloud providers to encrypt data, CipherCloud applies encryption on a field-by-field basis, according to your policies, before sensitive data leaves the enterprise.
CipherCloud is an in-line security gateway that sits between your users and the cloud application. It offers multiple AES-compatible encryption and tokenization options, including a patent-pending form-and-function-preserving encryption algorithm. It encrypts data that you identify as sensitive, on the fly, before it leaves the enterprise. Users see the 'real' data when they access the application through the CipherCloud security gateway, but the data stored in the cloud application is ciphertext to anyone who accesses the application directly, the provider included.
By applying encryption in a cloud security gateway, CipherCloud addresses the security, privacy and regulatory compliance risks described above: the provider never holds your sensitive data in the clear or the keys that protect it, so your business never loses control of that data, yet you still get the full benefits of cloud computing.
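The gateway described above, modelled as an added example written for this page (it is not CipherCloud's product code): an in-line proxy that applies a per-field policy before a record leaves the enterprise, keeps the key and the token vault on premises, and lets you compare what the cloud application stores with what a user sees through the gateway. Fields the cloud app must still search or sort get deterministic, format-preserving tokens; fields it only stores get randomised, authenticated encryption. The policy, the sample record, the field names, the use of HMAC-SHA256 in place of AES (the Python standard library has no AES) and the vault-backed tokenizer are all assumptions of the example; the tokenizer is not CipherCloud's patent-pending algorithm.

```python
"""Field-level encryption gateway model; keys, policy and token vault stay on premises.
Added example, not CipherCloud code. HMAC-SHA256 stands in for AES; a real gateway would use AES-GCM and a standard FPE mode such as FF1."""
import base64
import hashlib
import hmac
import secrets
import string

POLICY = {"name": "plain", "ssn": "tokenize", "notes": "encrypt"}  # constructed policy
_CLASSES = (string.digits, string.ascii_uppercase, string.ascii_lowercase)

def _prf(key, *parts):
    """HMAC-SHA256 over '|'-joined parts (labels contain no '|', nonces are fixed-width)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def _keystream(key, n, *parts):
    """n bytes of PRF output in counter mode, bound to the given parts."""
    blocks = (_prf(key, *parts, i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt_field(key, plaintext):
    """Randomised encrypt-then-MAC of one field; this is all the cloud app receives."""
    data, nonce = plaintext.encode(), secrets.token_bytes(12)   # fresh nonce per value
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, len(data), b"ks", nonce)))
    tag = _prf(key, b"tag", nonce, ct)[:16]                     # catches edits made in the cloud
    return "enc:" + base64.urlsafe_b64encode(nonce + ct + tag).decode()

def decrypt_field(key, blob):
    """Inverse of encrypt_field; refuses any blob whose tag does not verify."""
    if not blob.startswith("enc:"):
        raise ValueError("not a gateway ciphertext")
    raw = base64.urlsafe_b64decode(blob[4:])
    nonce, ct, tag = raw[:12], raw[12:-16], raw[-16:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", nonce, ct)[:16]):
        raise ValueError("authentication failed: value was modified in the cloud")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct), b"ks", nonce))).decode()

def tamper_detected(key, plaintext):
    """Simulate a provider-side edit of one stored byte; True if the gateway rejects it."""
    raw = bytearray(base64.urlsafe_b64decode(encrypt_field(key, plaintext)[4:]))
    raw[12] ^= 0x01
    try:
        decrypt_field(key, "enc:" + base64.urlsafe_b64encode(bytes(raw)).decode())
        return False
    except ValueError:
        return True

class Tokenizer:
    """Deterministic, format-preserving tokens backed by an on-premises vault: digits stay
    digits and letters stay letters, so the cloud app can still validate, search and sort.
    Equal inputs give equal tokens, which is what the cloud copy still reveals."""

    def __init__(self, key):
        self.key, self.vault = key, {}                          # vault: token -> real value

    def _candidate(self, value, attempt):
        ks = _keystream(self.key, len(value), b"tok", value.encode(), attempt.to_bytes(4, "big"))
        out = []
        for ch, b in zip(value, ks):
            cls = next((c for c in _CLASSES if ch in c), None)
            out.append(cls[b % len(cls)] if cls else ch)       # separators kept as-is
        return "".join(out)

    def tokenize(self, value):
        for attempt in range(256):                              # re-derive on a vault collision
            tok = self._candidate(value, attempt)
            if self.vault.setdefault(tok, value) == value:
                return tok
        raise RuntimeError("no collision-free token found")

    def detokenize(self, token):
        return self.vault[token]

class Gateway:
    """In-line proxy: applies the policy on the way out and reverses it on the way in."""

    def __init__(self, policy, key):
        self.policy, self.key = policy, key
        self.tok = Tokenizer(_prf(key, b"tokenizer-key"))      # separate derived key

    def translate(self, record, outbound=True):
        out = {}
        for field, value in record.items():
            action = self.policy.get(field, "encrypt")          # unknown fields fail closed
            if action == "plain":
                out[field] = value
            elif action == "tokenize":
                out[field] = self.tok.tokenize(value) if outbound else self.tok.detokenize(value)
            else:
                out[field] = encrypt_field(self.key, value) if outbound else decrypt_field(self.key, value)
        return out

def demo():
    key = secrets.token_bytes(32)                               # generated and kept on premises
    gw, cloud_db = Gateway(POLICY, key), {}                     # cloud_db stands in for the SaaS store
    record = {"name": "Ada Lovelace", "ssn": "123-45-6789", "notes": "credit limit raised"}
    cloud_db["c1"] = gw.translate(record)                       # request passes through the gateway
    return record, dict(cloud_db["c1"]), gw.translate(cloud_db["c1"], outbound=False)
```

Calling `demo()` returns the original record, the copy the provider holds (name in the clear, SSN as an 11-character digit token, notes as an `enc:` blob), and the record as a user sees it through the gateway, which matches the original. Two design points worth noticing: the tokenizer is deterministic, so the cloud app can search and sort on the SSN field, but anyone reading the stored data can also tell which records share an SSN; and `tamper_detected` shows why the encrypted fields carry an authentication tag, since once the provider holds the ciphertext it can also alter it, and the gateway must refuse to decrypt anything it did not write.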