Ever since Edward Snowden began dropping his bombshells about U.S. and other nations’ electronic espionage practices, enterprises have been wondering how to best protect their sensitive and confidential corporate data from government intrusion. At first, offshore data residency seemed like a promising answer. If your customer data is stored overseas, the thinking went, it would be immune to being turned over to the government.
But a recent decision by U.S. Magistrate Judge James Francis casts doubt on that thinking. Francis “said Internet service providers such as Microsoft Corp or Google Inc cannot refuse to turn over customer information and emails stored in other countries when issued a valid search warrant from U.S. law enforcement agencies,” as Joseph Ax reported for Reuters and CNBC. So no matter where your data is housed, if your service provider is subject to U.S. law, your data is subject to U.S. warrants.
So we’re seemingly back to square one. Is there any way to confidently adopt the cloud without fear that your cloud services providers will be compelled to hand over your data against your wishes and possibly without your knowledge?
The answer is yes, and the solution happens to align with the approach CipherCloud has long taken to cloud information protection.
What enterprises need is the one-two punch of encryption with strict enterprise control of encryption keys. This combination ensures that your data is always safe from prying eyes, no matter where it travels or who gains access to it. It also ensures that if your cloud service provider is compelled to provide your data, no one can read it or extract anything of value from it without your organization’s knowledge and consent—since you’ll be the only ones with the encryption keys. There’s no longer much point in looking for cloud solutions that are immune to spying, after all. It’s time to render your data immune.
Encryption also looks to be the solution to another sticky cloud dilemma: that of the sovereign cloud. As revelations of government spying continue to roll in, some countries are responding by working to build “nationalistic barriers to global data flows in general and Internet technology services in particular,” Michael Hickins wrote for the WSJ’s CIO Journal. While this may help nations protect their domestic businesses’ data from foreign espionage, it will also damage the free flow of information across borders that is one of the key benefits of the Internet.
Ultimately, too, it may not work. As recent news demonstrates, infrastructures can be breached. The answer lies not in putting up more walls around data centers and nations, but in protecting the data itself. Encryption does so in the most efficient and controllable manner. Encryption is, therefore, the answer. And, as Burt Kaliski Jr., SVP and CSO of Verisign, said, “Encryption needs to be normative.”
Encryption isn’t a difficult solution to implement, either. It’s a key component of CipherCloud’s Cloud Information Protection platform and plays a key role in any effective cloud data protection strategy.
What measures does your organization take against government spying? Tell us your thoughts in the comments.