A year has passed since NSA whistleblower Edward Snowden began leaking information to the media about vast programs of electronic surveillance being conducted by the U.S. government and its allies. In that year, what have we learned?
From CipherCloud’s perspective, the key lesson is clear: Now, more than ever, cloud data encryption is absolutely vital to enterprise data privacy and security.
Enterprises who have adopted cloud services with major providers like Google and Microsoft were no doubt alarmed to learn that under the NSA’s PRISM program, those CSPs (and others) were handing over user data at the government’s request, without the data owners’ knowledge or consent. CSPs were being legally strong-armed. At the end of the day, how they were convinced to turn over customer information is less important than what that information included: “Emails, chat logs, VoIP calls, video conferencing sessions, stored data and usernames and passwords for any of these services,” as Australia’s IT News reported. And in most cases, the CSPs were forbidden from disclosing these requests. Customers’ cloud data privacy was being breached without the customers ever knowing or having any opportunity to respond.
For organizations still on the fence about adopting cloud services, meanwhile, the Snowden revelations have provided more reasons to hesitate. Cloud data privacy is serious business, and from the sound of it, the NSA and other government agencies are serious about finding ways around it. In addition to demanding customer data from CSPs, the NSA has also been developing malware to infiltrate everything from servers and switches to individual endpoint devices and has taken steps to compromise networking equipment for surveillance purposes.
All is not lost for CSPs and enterprises, of course. Our takeaway from the Snowden revelations is not that businesses avoid the cloud. That’s becoming less and less feasible as cloud infrastructure, services, and applications continue to proliferate and offer value and competitive advantages to their customers.
“To protect against secret surveillance, Snowden said, we need to make encryption a part of everything we do. “The bottom line is that encryption does work,” he said. “We need to not think of encryption as an arcane, dark art, but as basic protection for the digital world.”*
BYOE – Bring Your Own Encryption
Instead, what Snowden has taught us is that in order to utilize the cloud safely, enterprises must take matters into their own hands. Doing so is simpler than it may appear. Have you ever heard of Bring Your Own Device (BYOD)? The Bring Your Own Device trend empowers employees to purchase and use their own choice of mobile devices for business purposes. Now the enterprise must empower itself with Bring Your Own Encryption (BYOE), choosing and implementing its own cloud data encryption solutions. Given the tactics the NSA has already used on major cloud service providers, Bring Your Own Encryption is the only way organizations can ensure their cloud data privacy.
With their own cloud data encryption solutions—and access to those encryption keys tightly controlled and exclusive to their own organizations—enterprises can rest assured that their data will remain safe in the cloud. Even if CSPs are forced to divulge the data, no one will be able to read it without the owner’s knowledge and consent. And cloud data encryption to protect against government surveillance has other benefits as well.
Spies won’t be able to access the data in the clear, and neither will hackers or thieves. For these reasons, Bring Your Own Encryption should be any business’s front-line defense against data breaches.
- On-Demand webinar – “Cloud Encryption 101: Understanding the Basics“. Listen in and learn about: How cloud encryption technologies work; Case studies on how and why organizations are using these technologies, plus a demo of cloud encryption technologies in action!
- Free eBook/evaluation guide: “What You Need to Know About Cloud Information Protection Solutions” – Let’s face it – many of us are skeptical about the security of our information in the Cloud.
This evaluation guide includes a handy “report card” and 5 critically important business and technical considerations you will want to understand.
- Blog post – “Cloud Information Protection: Asymmetric vs. Symmetric Encryption”
What other lessons can we learn from the Year of Edward Snowden? I think the key takeaway it…“take responsibility”. What are your thoughts?