KEEPING
FUNCTIONALITY
AND ENCRYPTION
IN THE CLOUD
Businesses in the EMEA region are embracing the cloud, storing
everything from customer and sales data to intellectual property
in popular SaaS and IaaS platforms. This is a boon to business,
but security gaps – and growing compliance requirements – are
forcing IT teams to look for ways to maintain control over data
in the cloud. Anurag Kahol, CTO at Bitglass, believes cloud
encryption is the most effective way to protect data – but there
are a few functionality issues faced by cloud encryption solutions.
He talks to Intelligent CISO about how to achieve data protection
without sacrificing cloud app functionality.
T
he growing
popularity of
public cloud
applications has
fundamentally
changed the way
many businesses
operate but it has also created a number
of previously unseen data security and
compliance issues. it takes a significant amount of stress
out of operationalising business
applications. However, for security teams
it has the opposite effect. Without control
over and visibility into cloud apps, it is
hard to ensure that corporate data really
is secure. This has led security teams
to focus on implementing encryption
techniques to attempt to shore up
protection of cloud data.
This is because many of the most popular
cloud applications provide very little
visibility or control over how sensitive
data is handled once in the cloud.
Instead, users are expected to simply
trust that their data is being kept secure. The primary driver for cloud encryption
is the need to ensure that if intellectual
property, trade secrets or regulated
data such as customer payment card
information was lost in a breach, it
cannot be viewed. For others, data
residency concerns or policies that
require control of encryption keys
lead them to encryption. In apps
Of course, many IT departments are
overjoyed with this approach because
74
Anurag Kahol, CTO at Bitglass
like Salesforce, this data exists as
structured data, whereas in file sharing
apps such as Box it is unstructured. In
both cases, the most commonly used
tool for encryption is a cloud access
security broker (CASB).
Encrypting data in the cloud can
be tricky
CASBs mediate connections between
cloud apps and the outside world
via a combination of proxies and API
connectors to applications. In doing
so, they create a focal point of visibility
and control for cloud applications in
use, with controls taking the form of
data loss prevention, contextual access
control and all importantly, encryption of
cloud data at rest.
Issue 09
|
www.intelligentciso.com