Cloud Data Encryption
A Guide to Cloud Encryption and SaaS Security
Cloud encryption is commonly used to prevent unauthorized access to private information, protect sensitive data stored in the cloud, and enhance security for outgoing data that leaves a secured network.
Cloud Encryption Defined
Encryption is a process used to protect information in transit and in storage, including sensitive data processed and stored through networks, the internet, and mobile and wireless systems. It uses an algorithmic scheme to transform plaintext information into an unreadable form called ciphertext. The reverse process, decryption, turns the ciphertext back into plaintext. To prevent unauthorized access to the plaintext, the mathematical algorithm requires a secret value, called a key, in order to encrypt or decrypt the data properly; without the key, the ciphertext cannot be read. Cloud encryption applies this same process to sensitive information stored and processed through networks, the internet, and mobile and wireless devices.
In the cloud, encryption algorithms are used to protect outgoing data, so that information is not vulnerable once it is outside the enterprise. Data encryption is commonly used to achieve compliance with industry regulations, including HIPAA and PCI DSS, and is an essential cloud data security tool for organizations using popular SaaS applications, such as Salesforce.com and Oracle.
Cloud Data Encryption Strength
Cloud application users have choices when it comes to the strength of their encryption solutions, and standards have emerged across jurisdictions and industries to provide consistency and a level of assurance. In the U.S., FIPS 140-2 is the federal government encryption standard, and many commercial businesses now follow it because of its maturity and strong level of encryption.
Cloud Encryption with the Blue Coat Platform
Cloud Encryption can be used within the Blue Coat Cloud Data Protection Gateway to protect data – both at rest and in the cloud – from unauthorized access.
The Blue Coat Cloud Data Protection Gateway uses cloud encryption and tokenization to provide a vital level of SaaS security without sacrificing application functionality. And here is a key point related to Blue Coat encryption strategies: our solution does not depend on any proprietary encryption modules or “Function Preserving Encryption” to preserve the essential SaaS application functionality users need. Blue Coat customers are free to install any cryptographic module supported via a Blue Coat Crypto Connector, including those that are FIPS 140-2 certified. In fact, we are the only cloud security company that supports FIPS 140-2 validated encryption modules while simultaneously preserving critical SaaS functionality.
For organizations that decide to implement cloud encryption, another important consideration is ownership of the encryption keys. The Cloud Security Alliance recently published guidance on best practices for implementing cloud encryption, and they highlighted this important consideration, stating: “based on the Segregation of Duties security principle, key management should be separated from the cloud provider hosting the data. This provides the greatest protection both against external breach of the service provider as well as an attack originating from a privileged user/employee of the provider. Additionally, this segregation of duties prevents the cloud provider from unauthorized disclosure of customer data, such as compliance with a subpoena, without the customer's knowledge or approval. The customers should retain complete control over their data and only they should be able to comply with disclosure requests.”
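The gateway pattern described above (encrypt or tokenize a sensitive field before it leaves the enterprise, with the key and the token mapping held by the customer rather than the SaaS provider) can be shown end to end in a few dozen lines. The following is an added example written for this page; it is not Blue Coat's code and does not model the Blue Coat Cloud Data Protection Gateway's internals. It assumes a hypothetical `Gateway` type holding a customer-supplied 32-byte AES key and an in-memory token vault, and uses AES-256-GCM from Go's standard library. Note the caveat the FIPS discussion implies: AES-GCM is a FIPS-approved algorithm, but FIPS 140-2 validation applies to the cryptographic module, and the default Go standard library is not a validated module, so a deployment that needs the standard would route these calls through a validated module instead.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Gateway is a hypothetical on-premises data protection gateway (constructed
// example, not a vendor product). The AES key and the token vault stay inside
// the enterprise; the SaaS provider only ever receives Encrypt/Tokenize output.
type Gateway struct {
	aead  cipher.AEAD       // AES-256-GCM: authenticated encryption
	vault map[string]string // token -> original value, never sent to the cloud
}

// NewGateway wraps a customer-managed 32-byte key (AES-256).
func NewGateway(key []byte) (*Gateway, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes for AES-256")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Gateway{aead: aead, vault: map[string]string{}}, nil
}

// Encrypt returns base64(nonce || ciphertext || tag) so the result fits in a
// SaaS text field. The field name is bound in as associated data, so a
// ciphertext copied into a different field fails to decrypt.
func (g *Gateway) Encrypt(plaintext, fieldName string) (string, error) {
	nonce := make([]byte, g.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := g.aead.Seal(nil, nonce, []byte(plaintext), []byte(fieldName))
	return base64.StdEncoding.EncodeToString(append(nonce, ct...)), nil
}

// Decrypt reverses Encrypt; it fails on a wrong key, a tampered value, or a
// mismatched field name, because GCM verifies the authentication tag.
func (g *Gateway) Decrypt(encoded, fieldName string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	ns := g.aead.NonceSize()
	if len(raw) < ns {
		return "", errors.New("ciphertext too short")
	}
	pt, err := g.aead.Open(nil, raw[:ns], raw[ns:], []byte(fieldName))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// Tokenize replaces a value with a random token. The token carries no
// information about the value; only this gateway's vault can map it back.
func (g *Gateway) Tokenize(value string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	token := "tok_" + base64.RawURLEncoding.EncodeToString(b)
	g.vault[token] = value
	return token, nil
}

// Detokenize looks a token up in the local vault.
func (g *Gateway) Detokenize(token string) (string, error) {
	v, ok := g.vault[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	return v, nil
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real key comes from the customer's key manager
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	g, _ := NewGateway(key)
	ct, _ := g.Encrypt("4111 1111 1111 1111", "card_number") // constructed sample value
	tok, _ := g.Tokenize("123-45-6789")                       // constructed sample value
	fmt.Println("what the SaaS provider stores:", ct, tok)
	pt, _ := g.Decrypt(ct, "card_number")
	orig, _ := g.Detokenize(tok)
	fmt.Println("what the enterprise recovers:", pt, orig)
}
```

The checks in `Decrypt` and `Detokenize` are where the segregation-of-duties point becomes concrete: a second gateway built from a different key cannot open the ciphertext, and a gateway without the vault cannot resolve the token, so a provider-side breach or a disclosure request served on the provider yields only the stored forms.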