Cloud Computing Economics - There Is No Free Service

Cloudonomics Journal


Cloud Encryption Best Practices for Non-Profits, SMEs, and Enterprises

By now, we all know that if we store sensitive data in the cloud or operate any business-critical apps or workloads there, we must use cloud encryption to protect ourselves, our information, and our customers. It helps to break down the cloud encryption best practices by business type, translating technical issues into understandable day-to-day needs.

Cloud Encryption for Non-Profits (and For-Profits)

While every business is concerned about minimizing expenses, non-profit organizations are especially so because every cent they spend is one that cannot be used to better the world. Encryption, in and of itself, has become ubiquitous. Using powerful algorithms like the Advanced Encryption Standard (AES) is commonplace. For this reason, the best practices for cloud encryption for non-profits involve standards that are not about the technicalities of how to encrypt, but rather the practicalities.

The Cloud Security Alliance (CSA), a non-profit organization that is focused on cloud encryption and security practices, has developed the Cloud Controls Matrix as well as Security Guidance for Critical Areas of Focus in Cloud Computing. In these documents, the CSA advises:

  • Data should be encrypted before it leaves the end-user organization’s control
  • Encryption should be implemented for data-at-rest, data-in-transit and data-in-use
  • Encryption keys should be retained by the end-user organization, not the cloud service provider

All of these best practices apply to all organizations, not just NPOs. To relate them to non-profits is to focus back on the need for cost-effectiveness. The best practice for non-profits can be summed up like this:

Cloud encryption for data at rest, data in transit, and data in motion, that is encrypted before leaving the organization’s control, and whose encryption keys are controlled only by the NPO, in a cost-effective, pay-as-you-go Encryption as a Service model.

Cloud Encryption for Small and Medium Enterprises

Where non-profits need to focus on cost-effectiveness, SMEs need to focus on flexibility and scalability. SME workloads are often inconsistent. Though hardware security modules (HSMs) offer great cloud security, growing that infrastructure to meet expanding business needs means expensive hardware costs and IT personnel. If you need to scale down a few months later, this is a heavy financial burden.

A purely cloud-based encryption solution can easily flex and scale to accommodate changing workloads.

Therefore, in addition to the best practices listed above, SMEs will add:

Cloud encryption for data at rest, data in transit, and data in motion, that is encrypted before leaving the organization’s control, and whose encryption keys are controlled only by the SME, in a cost-effective, pay-as-you-go Encryption as a Service model that can easily flex and scale as business needs change.

Cloud Encryption for Enterprises (and those planning to become enterprises)

Non-profits focus on cost-effectiveness, SMEs on flexibility and scalability, and enterprises must focus on regulatory compliance and protection from hackers, competitors, and spies.

Laws and industry regulations like HIPAA for healthcare companies and PCI DSS for those in financial sectors mandate elements of cloud encryption, most notably management of the encryption keys. These standards and guidelines maintain that data must be encrypted and the data owner must be the only one with access to the encryption keys. That way, even in the case of a data breach, the sensitive information is unreadable.

By controlling the encryption keys this way, enterprises also limit their exposure to hackers, unscrupulous competitors, and spies. Even if these “bad guys” can somehow access the encrypted data layer, it will be useless because, without the encryption key, that information cannot be deciphered.
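The CSA advice and the breach argument above, as an added example that is not code from the original post: data is sealed with AES-256-GCM before upload under a key that stays on the organization's side, so the provider only ever stores ciphertext. The function names, the sample object name and the sample record are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD builds AES-256-GCM from a 32-byte key that never leaves the organization.
func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptForUpload returns nonce || ciphertext || tag; objectName is authenticated, not encrypted.
func EncryptForUpload(a cipher.AEAD, objectName string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err // never fall back to a predictable nonce
	}
	return a.Seal(nonce, nonce, plaintext, []byte(objectName)), nil
}

// DecryptDownload fails on a wrong key, a modified blob, or a different object name.
func DecryptDownload(a cipher.AEAD, objectName string, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob shorter than nonce")
	}
	return a.Open(nil, blob[:n], blob[n:], []byte(objectName))
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real one comes from local key storage
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	a, _ := newAEAD(key)
	blob, _ := EncryptForUpload(a, "donors/2024.csv", []byte("constructed sample record"))
	pt, err := DecryptDownload(a, "donors/2024.csv", blob)
	fmt.Printf("uploaded %d bytes; decrypted %q (err=%v)\n", len(blob), pt, err)
}
```

Binding the object name as associated data means a blob that the storage side moves or swaps under another name is rejected on download, not silently decrypted.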

For enterprises, the cloud encryption best practice can be worded as:

Cloud encryption for data at rest, data in transit, and data in motion, that is encrypted before leaving the organization’s control, and whose encryption keys are controlled only by the Enterprise, in a cost-effective, pay-as-you-go Encryption as a Service model that can easily flex and scale as business needs change and complies with laws and regulations by limiting control of the encryption key solely to the Enterprise.


The post Cloud Encryption Best Practices for Non-Profits, SMEs, and Enterprises appeared first on Porticor Cloud Security.


More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business), contributing to several SAP products and reaching more than 8 million users. Recently he created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.