Cloud Data Encryption is Easy


Written by Mark Campbell

When I was part of the PGP Corp team that created PGP Whole Disk Encryption 10 years ago, we used to joke that our encryption should be free, and that we should just charge for decryption. Looking back now, we weren’t too far off in our assessment. encryptionThe encryption really was the easy part. The true challenge lay in ensuring that the encryption technology didn’t limit usability. In PGP’s case, we had to ensure laptops still performed as expected and encrypted email could still be sent and read in a process so that it remained completely transparent to the users.

That still holds true today. When it comes to cloud applications like Salesforce or ServiceNow, many vendors and technologies are capable of encrypting cloud data. The hard part is encrypting it in a way that does not break the cloud application’s functionality, enabling end users to do their jobs without disruption. Cloud encryption that renders applications useless, cripples their functionality, or prevents integration with other applications negates the business benefits of using the cloud in the first place.

CipherCloud has focused on solving the hardest problems with cloud application data encryption, such as preserving application functionality, maintaining search and sort capabilities, and integrating with third-party cloud applications.

Preserving application functionality is perhaps the most important problem to solve. Your new deployment of Salesforce needs to work flawlessly. Using format-preserving encryption techniques can ensure that your encrypted data complies with what the application requires. For example, an encrypted email address might need to look like an email address, and an encrypted phone number might need to look like a phone number.  Encrypted fields should never break dashboards, reports, filters, or other advanced functionality. Without deep integration and technological understanding of how these cloud applications work, these functions will just return meaningless results.

Searching of encrypted data has been one of the hardest challenges to tackle. CipherCloud has developed patented Searchable Strong Encryption (SSE) methods to provide extensive searchability of fully encrypted data, without sacrificing the strength of FIPS-validated AES 256-bit encryption with unlimited initialization vectors. SSE supports complex searching, including wildcard, natural language and Boolean searches, matching the capabilities of typical web search engines.

Addressing interoperability with third party applications also presents challenges when encrypting cloud application data. In our experience, it is extremely rare that SaaS applications, like Salesforce, are deployed in isolation. Integration with the cloud ecosystem is necessary. CipherCloud provides powerful and flexible Web Services that enable decryption and re-encryption of data by external applications or processes.

It’s not enough to just have strong encryption for cloud application data. That’s the easy part. The real challenge is providing strong encryption while maintaining functionality, usability, and interoperability. For more information on how CipherCloud does it, check out the CipherCloud Guide to Cloud Data Protection.