Cloud Encryption Gateways: The Basics

Written by Michael Higashi

The last few years have seen innovations in cloud technology that enable even the most privacy- and compliance-conscious enterprises to make use of cloud computing, allowing organizations to reap the financial and operational benefits of the cloud without sacrificing data security or regulatory compliance. Among those innovations, cloud encryption gateways stand out for several reasons. If you’re not sure exactly what a cloud encryption gateway is or why it matters, read this primer to get up to speed.

What is a cloud encryption gateway?

A cloud encryption gateway exists inside the enterprise perimeter, intercepting data on its way to the cloud. The Gartner IT Glossary defines cloud encryption gateways thus:

Cloud encryption gateways provide cloud security proxy (typically at the application level), which performs encryption, tokenization or both on an item-by-item basis as data flows through the proxy. The obfuscated (encrypted or tokenized) data can then be stored in a cloud-based software-as-a-service (SaaS) application, such as Cloud encryption gateways typically provide a choice of various encryption and tokenization algorithms, depending on the strength of protection required and how much format preservation is necessary (for example, to preserve sorting).

Simply put, a cloud encryption gateway discovers sensitive data before it leaves the enterprise perimeter and applies the appropriate protections to the data based on enterprise data security and compliance policies.
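The item-by-item tokenization step described above, as an added sketch that is not taken from any gateway product: the field policy, the TokenVault class and the sample record are assumptions made for illustration. The tokens keep each value's length and separators (format preservation) but not its sort order, and the token-to-value mapping stays in a vault inside the enterprise perimeter.

```python
import re
import secrets

# Hypothetical policy: outbound fields the gateway must tokenize.
POLICY = {"ssn": "tokenize", "card_number": "tokenize"}

class TokenVault:
    """Token <-> value mapping that never leaves the enterprise perimeter."""

    def __init__(self):
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, value):
        if value in self._by_value:
            # Reuse the token so equal values still match inside the SaaS app.
            return self._by_value[value]
        if not re.search(r"\d", value):
            raise ValueError("this sketch only tokenizes values containing digits")
        while True:
            # Format-preserving: swap every digit for a random digit and keep
            # separators and length, so SaaS field validation still passes.
            token = re.sub(r"\d", lambda _: secrets.choice("0123456789"), value)
            if token != value and token not in self._by_token:
                break
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token):
        # Without the vault entry a token cannot be mapped back to its value.
        return self._by_token.get(token, token)

def outbound(record, vault):
    """Gateway step for a record on its way to the cloud application."""
    return {k: vault.tokenize(v) if POLICY.get(k) == "tokenize" else v
            for k, v in record.items()}

def inbound(record, vault):
    """Gateway step for a record coming back from the cloud application."""
    return {k: vault.detokenize(v) if POLICY.get(k) == "tokenize" else v
            for k, v in record.items()}

if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample record, not real data.
    rec = {"name": "Alice Example", "ssn": "078-05-1120"}
    stored = outbound(rec, vault)
    print("stored in cloud:", stored)
    print("seen by user:   ", inbound(stored, vault))
```

A party holding only the stored record, without the vault, gets the tokens back unchanged from inbound().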

CipherCloud Encryption Gateway Architecture

What are the benefits of cloud encryption gateways?

Cloud encryption gateways have several unique benefits. Unlike encryption solutions that start at the cloud service provider (CSP), gateways can provide persistent encryption that protects data in transit to the cloud, at rest in the cloud, and while in use within cloud applications, while preserving cloud application functionality. Cloud encryption gateways are typically discrete appliances that combine multiple functions (discovery, encryption, tokenization, activity monitoring, DLP enforcement, and malware detection) and can be integrated into existing enterprise infrastructures.

Cloud encryption gateways are of particular use to enterprises that have adopted more than one CSP. The best cloud encryption gateways provide easy integration with multiple cloud applications and provide a way to unify data protection strategy across all CSPs. Instead of having to deal with multiple cloud encryption schemes and monitoring, visibility, and DLP enforcement tools, enterprises with multi-cloud deployments can unify all their cloud information protection needs in one solution, streamlining data security and making it easier to control for compliance and privacy.

Finally, cloud encryption gateways solve the pressing issue of encryption key access by enabling enterprises to retain exclusive control of their encryption keys. Tightly controlled encryption key access is critical to true cloud data security, since it prevents data access in the clear by unauthorized third parties. It is also a requirement of data privacy regulations like PCI DSS. With a cloud encryption gateway, neither the CSPs nor the encryption providers will have access to the encryption keys.


Cloud technology is transforming business. With cloud computing, particularly public cloud computing, organizations can enjoy unprecedented levels of agility, flexibility, and scalability at prices dramatically lowered thanks to the economies of scale of CSPs. However, security has always been a concern when it comes to the cloud. Cloud encryption gateways address that concern and empower enterprises to make full use of the cloud while still maintaining full confidence in the privacy and integrity of their sensitive data.

Next Steps:

Is your organization considering a cloud encryption gateway? Tell us why, or why not, in the comments.
