For organizations with heavy data security or compliance requirements, regular risk assessments are a must, and even more so if you keep any sensitive data in the cloud. You must know what assets you have, their relative vulnerability, their relative value (not only to your organization, but to attackers and competitors), and the probability of their loss. Only then can you develop a security strategy that balances the need for protection against budget and manpower restrictions. Encryption in the cloud can help you perform risk assessments in several ways.
A complete inventory of all your sensitive and/or protected assets is vital to your risk assessment (see “Cloud Information and Compliance: Four Best Practices for a Powerful Combination”). Encryption in the cloud can help accomplish that. A strong cloud encryption solution will provide you not only with granular control of encryption on individual data types, but also with clear visibility into the encryption that you’ve applied. What that means is that you’ll have visibility into your organization’s protected assets. With that visibility, you can more easily and thoroughly inventory data assets as part of your risk assessment process.
Another key step in a proper risk assessment is the assigning of relative values to data assets. What monetary value do individual asset types have to your organization? How about to attackers and competitors? In other words, how likely is it that someone will want to steal the data? Think of it this way: if you own a Datsun and a Jaguar, which one do you think is more important to protect? Encryption in the cloud can speed up your risk assessment process by showing you the value you’ve already assigned to each data type.
As part of the risk assessment process, you’ll have to articulate what countermeasures you already have in place to protect your high-value or high-risk data types. If your organization is using the cloud, then encryption in the cloud should feature as one of your most useful and commonly used countermeasures against data leaks or data theft. Here, the clear visibility into your data and individual data fields’ levels of protection will help you quickly complete this step. Instead of having to track down countermeasures across different silos of IT or SecOps, you’ll be able to view a unified report of everything encryption in the cloud is doing to secure your data.
Risk assessments can be time-consuming, but they’re as necessary to the ongoing security of your organization’s data as regular physicals are to your overall health. As you can see, however, encryption in the cloud can help you complete several steps of your risk assessment more quickly, more completely, and more confidently than you could without it.
- On-demand webinar: DeMystifying Cloud Encryption with Forrester Research – Join industry experts from Forrester and CipherCloud for an interactive webinar, discussing today’s cloud security challenges, encryption options and tradeoffs, and new technology that can make cloud encryption more practical and effective.
Is it almost time for your next risk assessment? Tell us how you plan to go about it in the comments.