Cloud Security Tip: Data Doesn’t Sleep—Don’t Trust Encryption that’s Only “At Rest”


Written by Lara White

These days, every cloud service provider (CSP) and their mother claims to protect customer data by offering cloud encryption, oftentimes strong encryption, such as AES 256-bit cloud security. CSPs’ promises of data privacy are reassuring, and customers might be misled to think that since their CSPs already offer encryption, there’s no real need to add any more, particularly if adding more means increasing their cloud security investment. Unfortunately, the types of encryption that many CSPs provide just aren’t enough.

Take a look at your CSPs’ security policies. If they offer encryption, it’s likely going to be in two flavors: encryption “in transit” and encryption “at rest.” Encryption in transit is simply encryption of data traffic as it passes between your machine and the CSP’s data center, or vice versa; encryption in transit is everywhere. Every time you go to a URL that begins with “https,” you’re using encryption in transit. Encryption in transit protects data in motion from hackers and spies who are attempting to intercept it.

Encryption at rest, on the other hand, encrypts data while it is in storage on the CSP’s servers. As cybercriminals set their sights on cloud hosting providers, encryption at rest certainly matters. It protects the data when it is neither in motion nor in use by the cloud application—while it is at rest, in other words. Encryption at rest keeps data secure in case the CSP’s storage infrastructure is compromised and the data it contains exposed.

Problem is, in today’s always-on, instant-access, 24/7 business world, it’s very unlikely that your data is going to spend much time at rest, if it rests at all. Cloud computing makes it possible to log in from any device and any location at any time: data can just as easily be accessed or processed at 2 a.m. as at 2 p.m. That means that your data won’t spend much of its time at rest, and therefore won’t spend much of its time protected.

For true cloud data security, what enterprises need is a third flavor of encryption: encryption in use. Encryption in use will keep data safe from unauthorized viewers even while the data is being handled by the cloud application, preserving key functionality like search and sort without sacrificing a moment of security. With attacks on the cloud on the rise, encryption in use is becoming increasingly critical.

As you look for the tools to ensure your organization’s data privacy in the cloud, seek out solutions that offer functionality-preserving encryption in use, such as CipherCloud’s Searchable Strong Encryption (SSE). With SSE applied at a granular, field-level basis to the types of data you need to use most often in the cloud, you’ll be able to keep sensitive information protected when it would otherwise be at its most vulnerable: while in use by your cloud application of choice.
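To make the field-level idea concrete, here is an added sketch (not CipherCloud's SSE and not code from this article) of one common way to keep a field encrypted while the cloud application stores and searches it: AES-256-GCM for the value plus a keyed HMAC "blind index" for exact-match lookup. All function names, the `email` field and the sample records are assumptions made for illustration, and the in-memory `cloudRows` array stands in for the cloud application's storage.

```javascript
const crypto = require('node:crypto');

// Constructed demo keys; in practice they stay in a key store the CSP cannot reach.
const ENC_KEY = crypto.randomBytes(32); // AES-256-GCM key for field values
const IDX_KEY = crypto.randomBytes(32); // separate HMAC key for the search token

// Keyed hash of the normalised value: equal inputs give equal tokens, so the
// cloud side can match on the token without ever seeing the plaintext.
function blindIndex(value) {
  return crypto.createHmac('sha256', IDX_KEY)
    .update(value.trim().toLowerCase(), 'utf8').digest('hex');
}

// Encrypt one field; output is base64(iv || tag || ciphertext), fresh IV per call.
function encryptField(value) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Decrypt and authenticate; throws if the stored blob was modified.
function decryptField(blob) {
  const raw = Buffer.from(blob, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// What leaves the enterprise: ciphertext and token only, never the plaintext field.
function protectRecord(rec) {
  return { id: rec.id, email_ct: encryptField(rec.email), email_idx: blindIndex(rec.email) };
}

// Stand-in for the cloud application's storage and its exact-match query.
const cloudRows = [];
function cloudFind(token) { return cloudRows.filter(r => r.email_idx === token); }

// Search: compute the token locally, let the cloud match it, decrypt locally.
function searchByEmail(email) {
  return cloudFind(blindIndex(email))
    .map(r => ({ id: r.id, email: decryptField(r.email_ct) }));
}

// Constructed sample records.
[{ id: 1, email: 'alice@example.com' }, { id: 2, email: 'bob@example.com' }]
  .forEach(r => cloudRows.push(protectRecord(r)));
```

This covers exact-match search only, and the deterministic token reveals to the cloud side which rows share a value; sorting and partial matching need other schemes.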

Ready to learn more about cloud encryption? Watch our free, on-demand webinar, “Demystifying Cloud Encryption with Forrester Research,” today.