Encrypt cloud or things will get hazy
Cloud security needs consideration of encryption too, says Phil Lieberman
While the economic imperative of migrating data to the cloud is clear, organisations also need to revisit their data encryption before making the leap.
I believe that organisations of all sizes, not just SMBs, may overlook aspects of their data encryption needs for cloud data, as they focus on the savings they expect from migration.
I would say that security, accountability and transparency aspects are not being handled well by cloud vendors here.
With cloud resources, firms are effectively losing direct control over their own data and this makes the task of compliance to an increasingly complex set of rules, such as PCI DSS, all the more complex.
Also, where cloud data storage is involved, businesses need to take a centralised management approach to data encryption to give IT staff maximum control, with minimal impact on operations and productivity.
The challenges for cloud users and providers will include the management of encryption systems, including encryption key management.
There are also potential issues with trying to index data that is in encrypted form in the database. Encryption approaches will have to examine data in flight (point to point encryption) as well as data at rest (databases and other forms of storage).
For SMBs and many others, this will be a new experience.
The process of planning for migration of storage and allied systems to a cloud platform should be welcomed and not regarded as a chore by IT staff. It is a clear opportunity to reappraise their organisation's data encryption systems.
Unfortunately, SMB customers are unable to judge the competence of larger providers of cloud services, and applications for the cloud rarely have data encryption as either a base or optional offering. Consequently, cloud providers attempting to win customers will inevitably be unable to offer a more compelling argument than 'trust me'.
I believe our customers are reinvesting some of the cost savings that the cloud brings to their data storage platform by enhancing the encryption of data at all points in their business.
Put simply, this means encrypting data across any endpoint: desktop, laptop, handheld device, and removable media. It also means implementing full disk encryption where appropriate. This ensures that any and all data that flows to and from the cloud is fully protected.
I have heard that SMBs are now joining a growing number of enterprises that are moving IT to the cloud. They should all, in my opinion, beware of adopting a resource that does not encrypt data in a centralised way.
Phil Lieberman is president and chief executive officer at Lieberman Software