Unfortunately, using a CASB for encryption is not without its challenges.

In order to preserve application functionality after data is encrypted, some CASBs actually reduce the strength of the encryption. When data is encrypted, the application is unable to read the encrypted data and therefore loses the ability to do anything with it.

The ‘search’ function is perhaps the best example of this. If a customer file is encrypted and a salesperson attempts to search for it, the application would not be able to read the file and therefore the search function would be broken. Reducing the encryption strength allows a CASB vendor to ‘crack’ its own encryption in order to allow critical functions like search.

www.intelligentciso.com | Issue 09

These functionality issues can seriously impede the productivity benefits of adopting cloud applications in the first place. And so, some CASBs ‘solve’ the issues by limiting the strength of the cryptographic algorithm used. Of course, doing so severely impairs the overall effectiveness of the encryption, making data much more vulnerable. This has left many businesses with a difficult trade-off between lost functionality and sub-optimal security, neither option being particularly appealing.

Solving the security and functionality trade-off

The latest development in cloud encryption is one that takes a ‘split index’ approach to searching cloud-based data, which gives businesses the best of both worlds.

When first deployed, API connections are used to analyse cloud applications in use, identify sensitive data and let the business decide exactly what it wants to encrypt.

The CASB will then replace all sensitive data with copies that have been encrypted. The business retains control over the encryption keys in this scenario. The encrypted data can then be stored in the cloud app or on premises. In the latter case, the only thing stored in the cloud application is an encrypted pointer to where the data lies in the local data store.

The split index approach preserves ‘search’ by moving the search functionality from the app to the CASB. As data is encrypted, an encrypted local search index is generated on premises,
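
A minimal sketch of the split-index idea described above, added here as an illustration and not taken from the article or from any CASB product: the cloud app keeps only an opaque pointer, while the data and a keyed search index stay on premises, so search works without weakening any cryptography. Assumptions: the class and method names are hypothetical, the index is modelled as HMAC-SHA256 keyword tokens, the pointer is a random token rather than an encrypted value, and encryption of the local store is left out so the example needs only the standard library.

```python
import hashlib
import hmac
import re
import secrets

# The key stays with the business, on premises (assumption: one key for the index).
INDEX_KEY = secrets.token_bytes(32)


class OnPremCasb:
    """Hypothetical CASB-side component holding the local data store and search index."""

    def __init__(self, index_key):
        self._index_key = index_key
        self._vault = {}   # pointer -> record (local data store)
        self._index = {}   # keyed keyword token -> set of pointers

    def _token(self, word):
        # Full-strength keyed hash: without the key, an index entry cannot be
        # matched to a word or tested against a dictionary of likely terms.
        return hmac.new(self._index_key, word.lower().encode(), hashlib.sha256).hexdigest()

    def protect(self, text):
        """Store a record locally and return the opaque pointer the cloud app keeps."""
        pointer = "ptr_" + secrets.token_urlsafe(16)
        self._vault[pointer] = text
        for word in set(re.findall(r"\w+", text)):
            self._index.setdefault(self._token(word), set()).add(pointer)
        return pointer

    def search(self, word):
        """Answer a search at the CASB; the cloud app never sees the term or the data."""
        return sorted(self._index.get(self._token(word), set()))

    def reveal(self, pointer):
        """Resolve a pointer back to the record for an authorised user."""
        return self._vault[pointer]


def demo():
    casb = OnPremCasb(INDEX_KEY)
    # Constructed sample records; the dict stands in for the cloud application.
    cloud_app = {
        "rec1": casb.protect("Acme Corp renewal contract"),
        "rec2": casb.protect("Globex invoice overdue"),
    }
    hits = casb.search("acme")
    return cloud_app, hits, [casb.reveal(p) for p in hits]
```

Anyone who can read the index can still see which records share a keyword token, which is why the index is kept on premises alongside the keys.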