If your enterprise needs any more encouragement to beef up its cloud encryption strategy, the fallout from last year’s Target and Snapchat data breaches should do it. Snapchat embarrassed itself with its dismissive response to Gibson Security’s warning about a vulnerability that later resulted in the breach of 4.6 million Snapchat usernames and phone numbers, according to the Wall Street Journal’s Farhad Manjoo. Target, meanwhile, saw its business drop significantly after the theft of tens of millions of customer credit card numbers and is in the throes of damage control.
The costs of data breaches can be staggering in both financial and public relations terms; one bad breach can stain a brand’s reputation for years. For enterprises looking to avoid becoming the next high-profile victim of a data breach, therefore, prevention is key. And for effective prevention, numerous security experts and analysts recommend encryption. In fact, 2014 looks set to be the “year of encryption,” according to the BBC’s Paul Rubens.
But how to encrypt?
“Diamonds and Paperclips”: The granular approach
Among the strategies Rubens outlined in his article, two stand out. Dave Frymier, Unisys CISO, “advocates that companies identify what he believes is the 5%-15% of their data that is really confidential, and use encryption to protect just that,” Rubens wrote. According to this line of thinking, companies should sort their data into diamonds and paperclips and focus on protecting the diamonds, not the paperclips.
This is where cloud data protection platforms like CipherCloud’s come in. The granular level of control administrators get with CipherCloud’s Cloud Information Protection Platform enables them to choose exactly what data to protect, and how. This ensures that your data is both functional and encrypted as strongly as possible.
“No one ever got fired for having encryption that was too strong”
Strong encryption is, after all, essential. The longer your cryptographic key, the harder it will be to crack, and the safer your data. Robert Former, senior security consultant for Neohapsis, told Rubens that companies should use “encryption keys that are two or even four times longer than the ones” in common use. Organizations frequently overestimate the computing power that strong encryption demands, Former said, pointing out that “the cost of using your available processing power is less than the cost of losing your data because you were too cheap to make the crypto strong enough.”
“No-one ever got fired for having encryption that was too strong,” Former told Rubens.
Here, too, CipherCloud is ready to help, with a range of encryption methods, from strong AES 256-bit cryptography through our new, innovative Searchable Strong Encryption (SSE), for data that needs to be highly protected in the cloud. But strong encryption of sensitive data isn’t the whole picture. There’s one more piece of the puzzle.
Encryption in the cloud doesn’t protect much if someone else has the keys
That final piece of the puzzle is control. Yes, granular control over what to encrypt and how gives administrators a lot of control, as does the choice of encryption methods in varying strengths, but ultimately, anything that’s encrypted in any way can be decrypted by anyone with access to the encryption keys. For this reason, tight control over encryption key access is absolutely critical. Your cloud providers shouldn’t have your encryption keys, and neither should most people in your own organization. CipherCloud provides exclusive enterprise access to your encryption keys, as well as the tools to control which members of your own organization can access them.
2014 may, indeed, be the year of encryption. Major cloud providers have indicated their plans to ramp up their own encryption strategies, but they aren’t the only ones who should. If you handle any sensitive data, whether it originates internally or with your customers, you must, too. Make this year the year that you secure your information from attack, for good.
What do you think is the appropriate enterprise response to recent data breach news? Let us know in the comments.