• Home

  • Documents

  • Blog - Beyond Encryption: The 5 Pillars of Cloud Data Security - Infosecurity
3
10/2/13 11:22 AM Blog - Beyond Encryption: The 5 Pillars of Cloud Data Security - Infosecurity Page 1 of 3 http://www.infosecurity-magazine.com/blog/2013/9/3/beyond-encryption-the-5-pillars-of-cloud-data-security/990.aspx Beyond Encryption: The 5 Pillars of Cloud Data Security By Kamal Shah Given the recent influx of cybersecurity attacks and the hubbub about the National Security Agency’s PRISM program, there is lot of talk about the importance of en- cryption to protect corporate data in the cloud. (PRISM is a clandestine data mining operation authorized by the US government in which data stored or passing over the internet can be collected without the owner’s knowledge or consent.) While it’s true that encryption helps to keep data private, encryption is just 1 of 5 ca- pabilities needed to completely secure corporate data in the cloud. Allow me to use an analogy in the physical world to explain what I mean. Banks are an ideal example of the use of layers of security to protect important assets. A bank branch has a vault in which it stores cash and other valuables. Having a vault is essential, but on its own it’s not enough to fully protect the riches within. The bank also has policies to guide who can access the vault; what identification methods are required to verify that an employee or customer has the right to access the vault; the hours when the vault can be legitimately accessed; and so on. The bank also needs surveillance cameras so that in event of a breach, the authorities can play back the recording to understand exactly what happened, and when. Sta- tioned near the vault, the bank has a security guard for additional protection against threats and to deter thieves. And finally, the bank employs armored vans to move cash around from the bank to stores, to off-premise ATMs, and to other banks. Similarly, when we talk about protecting corporate data in the cloud, you need more than just a point encryption solution; you need comprehensive approach to cloud data security. Let’s start with encryption – a technology that has been around for decades but is now more important than ever as threats from all angles are increasing. The encryp- tion solution you use on your data needs to be standards-based and it must support both structured and unstructured data. For structured data, the encryption technolo- gy must not break any application functionality (such as searching or sorting). This latter requirement is quite important; if you can’t search on data in comments field in

Blog - Beyond Encryption: The 5 Pillars of Cloud Data Security - Infosecurity

  • Upload
    hxsxax

  • View
    216

  • Download
    1

Embed Size (px)

DESCRIPTION

Beyond Encryption

Citation preview

  • 10/2/13 11:22 AMBlog - Beyond Encryption: The 5 Pillars of Cloud Data Security - Infosecurity

    Page 1 of 3http://www.infosecurity-magazine.com/blog/2013/9/3/beyond-encryption-the-5-pillars-of-cloud-data-security/990.aspx

    Beyond Encryption: The 5 Pillars of Cloud Data SecurityBy Kamal Shah

    Given the recent influx of cybersecurity attacks and the hubbub about the NationalSecurity Agencys PRISM program, there is lot of talk about the importance of en-cryption to protect corporate data in the cloud. (PRISM is a clandestine data miningoperation authorized by the US government in which data stored or passing over theinternet can be collected without the owners knowledge or consent.)

    While its true that encryption helps to keep data private, encryption is just 1 of 5 ca-pabilities needed to completely secure corporate data in the cloud. Allow me to usean analogy in the physical world to explain what I mean.

    Banks are an ideal example of the use of layers of security to protect important assets.A bank branch has a vault in which it stores cash and other valuables. Having a vaultis essential, but on its own its not enough to fully protect the riches within.

    The bank also has policies to guide who can access the vault; what identificationmethods are required to verify that an employee or customer has the right to accessthe vault; the hours when the vault can be legitimately accessed; and so on.

    The bank also needs surveillance cameras so that in event of a breach, the authoritiescan play back the recording to understand exactly what happened, and when. Sta-tioned near the vault, the bank has a security guard for additional protection againstthreats and to deter thieves. And finally, the bank employs armored vans to movecash around from the bank to stores, to off-premise ATMs, and to other banks.

    Similarly, when we talk about protecting corporate data in the cloud, you need morethan just a point encryption solution; you need comprehensive approach to clouddata security.

    Lets start with encryption a technology that has been around for decades but isnow more important than ever as threats from all angles are increasing. The encryp-tion solution you use on your data needs to be standards-based and it must supportboth structured and unstructured data. For structured data, the encryption technolo-gy must not break any application functionality (such as searching or sorting). Thislatter requirement is quite important; if you cant search on data in comments field in

  • 10/2/13 11:22 AMBlog - Beyond Encryption: The 5 Pillars of Cloud Data Security - Infosecurity

    Page 2 of 3http://www.infosecurity-magazine.com/blog/2013/9/3/beyond-encryption-the-5-pillars-of-cloud-data-security/990.aspx

    Salesforce.com because it is obscured through encryption, youve defeated the valueof using the application.

    So, encryption is 1 of 5 critical security capabilities. What are the other four?

    You need contextual access control so you can ensure secure access to the data basedon who the users are, what devices they are using, and what geographic locationsthey are in.

    You need application auditing so you can identify who has accessed which data andalert based on anomalous use. This is critical because most SaaS applications dontprovide an audit trail of read operations to understand what exactly happenedwhen an incident occurred.

    You need data loss prevention to make sure that PII and PHI data is not moving to orthrough the cloud in the clear in violation of PCI, HIPAA and HITECH regulations.

    And finally, you need the ability to easily but consistently enforce these policies forcloud-to-cloud use cases.

    This last need is an up-and-coming requirement that companies are just beginning torealize, but it will grow more important as companies use more cloud-based applica-tions. Let me give you an example.

    Lets say a company uses Jive for business social and Box for cloud storage of docu-ments posted in Jive. When Jason, an employee in my Sales department, posts a blogpost on a competitor with a detailed attachment, Jive automatically stores the docu-ment in Box. In this cloud-to-cloud scenario, I need to make sure that my security,compliance and governance policies are consistently enforced across both Jive andBox.

    Encryption as a means of data security is a good start, but not sufficient. Make sureyou bolster it with the other critical security capabilities for a more complete clouddata security strategy. To learn more check out our Beyond Encryption Slideshare.

    Kamal Shah is the VP of Products and Marketing at Skyhigh Networks.

    Comment on this blog

  • 10/2/13 11:22 AMBlog - Beyond Encryption: The 5 Pillars of Cloud Data Security - Infosecurity

    Page 3 of 3http://www.infosecurity-magazine.com/blog/2013/9/3/beyond-encryption-the-5-pillars-of-cloud-data-security/990.aspx

    You must be registered and logged in to leave a comment about this blog.


Citrix Infosecurity 2009

Citrix Infosecurity 2009

Technology
Infosecurity Argentina – 2013

Infosecurity Argentina – 2013

Technology
Presentatie Infosecurity 2011

Presentatie Infosecurity 2011

Documents
InfoSecurity 2014 - Cloud Trust

InfoSecurity 2014 - Cloud Trust

Technology
Infosecurity Puerto Rico – 2013

Infosecurity Puerto Rico – 2013

Technology
Infosecurity management in the Enterprise

Infosecurity management in the Enterprise

Business
Infosecurity Cali, Colombia Event

Infosecurity Cali, Colombia Event

Technology
Industry Insights from Infosecurity Europe 2016

Industry Insights from Infosecurity Europe 2016

Technology
MWR InfoSecurity PowerPoint Presentation Template - MWR Labs

MWR InfoSecurity PowerPoint Presentation Template - MWR Labs

Documents
El panorama de las amenazas móviles - InfoSecurity

El panorama de las amenazas móviles - InfoSecurity

Documents
ISEC INFOSECURITY TOUR 2020 GLOBAL INFOSECURITY ROADMAP...PROGRAMA DE PATROCINIOS 2020 ISEC INFOSECURITY TOUR 2020 Welcome to “NO PAIN!TOUR” EL UNICO EVENTO QUE RECORRE 25 CIUDADES

ISEC INFOSECURITY TOUR 2020 GLOBAL INFOSECURITY ROADMAP...PROGRAMA DE PATROCINIOS 2020 ISEC INFOSECURITY TOUR 2020 Welcome to “NO PAIN!TOUR” EL UNICO EVENTO QUE RECORRE 25 CIUDADES

Documents
STAYING ALIVE TOUR 2018 - INFOSECURITY VIP

STAYING ALIVE TOUR 2018 - INFOSECURITY VIP

Documents
Infosecurity Pro Issue 11

Infosecurity Pro Issue 11

Documents
Beyond Encryption: The 5 Pillars of Cloud Data Security

Beyond Encryption: The 5 Pillars of Cloud Data Security

Technology
Cloud en datacenter security (infosecurity 2013)

Cloud en datacenter security (infosecurity 2013)

Technology
InfoSecurity Europe 2014: The Art Of Cyber War

InfoSecurity Europe 2014: The Art Of Cyber War

Technology
Millennialls versus Seniors - INFOSECURITY VIP

Millennialls versus Seniors - INFOSECURITY VIP

Documents
Infosecurity 2011 - Менеджер по информационной безопасности 2.0

Infosecurity 2011 - Менеджер по информационной безопасности 2.0

Business
Infosecurity 2014 - Superbees Wanted

Infosecurity 2014 - Superbees Wanted

Presentations & Public Speaking
PIM Infosecurity Professional Magazine Mar April 2015

PIM Infosecurity Professional Magazine Mar April 2015

Documents
Belgian IT Security Laws & Regulations Infosecurity 2006

Belgian IT Security Laws & Regulations Infosecurity 2006

Business
Infosecurity russia 2015

Infosecurity russia 2015

Internet
Next generation firewall (infosecurity 2013)

Next generation firewall (infosecurity 2013)

Technology
Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Session 7 - InfoSecurity-ITArchitecture - Alecia Heng

Documents
Infosecurity Mexico event information

Infosecurity Mexico event information

Documents
LPI toegelicht op InfoSecurity 2010

LPI toegelicht op InfoSecurity 2010

Technology
Infosecurity Europe 2016: Operationalizing Threat Intelligence

Infosecurity Europe 2016: Operationalizing Threat Intelligence

Technology
Infosecurity 2016 Presentacion Final v02 INFOSECURITY CD… · Microsoft PowerPoint - Infosecurity 2016 Presentacion Final v02 Author: jortega Created Date: 4/8/2016 12:22:10 PM

Infosecurity 2016 Presentacion Final v02 INFOSECURITY CD… · Microsoft PowerPoint - Infosecurity 2016 Presentacion Final v02 Author: jortega Created Date: 4/8/2016 12:22:10 PM

Documents
Infosecurity 2007

Infosecurity 2007

Technology
Infosecurity Professional Magazine - isc2.org

Infosecurity Professional Magazine - isc2.org

Documents