Edward Snowden and the Importance of Cloud Data Encryption

Edward Snowden and the Importance of Cloud Data Encryption

In the News, Latest Trends 0 Comments

Written by Michael Higashi

A year has passed since NSA whistleblower Edward Snowden began leaking information to the media about vast programs of electronic surveillance being conducted by the U.S. government and its allies. In that year, what have we learned?

From CipherCloud’s perspective, the key lesson is clear: Now, more than ever, cloud data encryption is absolutely vital to enterprise data privacy and security.

Enterprises who have adopted cloud services with major providers like Google and Microsoft were no doubt alarmed to learn that under the NSA’s PRISM program, those CSPs (and others) were handing over user data at the government’s request, without the data owners’ knowledge or consent. CSPs were  being legally strong-armed. At the end of the day, how they were convinced to turn over customer information is less important than what that information included: “Emails, chat logs, VoIP calls, video conferencing sessions, stored data and usernames and passwords for any of these services,” as Australia’s IT News reported. And in most cases, the CSPs were forbidden from disclosing these requests. Customers’ cloud data privacy was being breached without the customers ever knowing or having any opportunity to respond.

For organizations still on the fence about adopting cloud services, meanwhile, the Snowden revelations have provided more reasons to hesitate. Cloud data privacy is serious business, and from the sound of it, the NSA and other government agencies are serious about finding ways around it. In addition to demanding customer data from CSPs, the NSA has also been developing malware to infiltrate everything from servers and switches to individual endpoint devices and has taken steps to compromise networking equipment for surveillance purposes.

All is not lost for CSPs and enterprises, of course. Our takeaway from the Snowden revelations is not that businesses avoid the cloud. That’s becoming less and less feasible as cloud infrastructure, services, and applications continue to proliferate and offer value and competitive advantages to their customers.

“To protect against secret surveillance, Snowden said, we need to make encryption a part of everything we do. “The bottom line is that encryption does work,” he said. “We need to not think of encryption as an arcane, dark art, but as basic protection for the digital world.”*

BYOE – Bring Your Own Encryption

Instead, what Snowden has taught us is that in order to utilize the cloud safely, enterprises must take matters into their own hands. Doing so is simpler than it may appear. Have you ever heard of Bring Your Own Device (BYOD)? The Bring Your Own Device trend empowers employees to purchase and use their own choice of mobile devices for business purposes. Now the enterprise must empower itself with Bring Your Own Encryption (BYOE), choosing and implementing its own cloud data encryption solutions. Given the tactics the NSA has already used on major cloud service providers, Bring Your Own Encryption is the only way organizations can ensure their cloud data privacy.

With their own cloud data encryption solutions—and access to those encryption keys tightly controlled and exclusive to their own organizations—enterprises can rest assured that their data will remain safe in the cloud. Even if CSPs are forced to divulge the data, no one will be able to read it without the owner’s knowledge and consent. And cloud data encryption to protect against government surveillance has other benefits as well.

Spies won’t be able to access the data in the clear, and neither will hackers or thieves. For these reasons, Bring Your Own Encryption should be any business’s front-line defense against data breaches.

Next Steps:

What other lessons can we learn from the Year of Edward Snowden? I think the key takeaway it…“take responsibility”.  What are your thoughts?

* Source: “The Bottom Line Is That Encryption Does Work”: Edward Snowden at SXSW

Leave a Reply

Your email address will not be published. Required fields are marked *