Everyone has an opinion on the ‘cloud’ and its effect on business – some believe it is dark and scary and fraught with unnecessary risk. In contrast, others would argue it’s silver-lined and the path to greater business performance and cost savings. The truth is that the cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses – but only if data security is properly addressed.
First, let’s dispel any misperceptions you might have about the cloud. It’s nothing mystical, nothing whimsical – nothing to be afraid of. Many fear the cloud because of its reputation as a dangerous or ‘risky’ place. And that is true. Anything beyond the physical perimeter of the organization is also, theoretically, beyond the physical protection of the organization. And let’s face it, there are dangers and risks out there, but that doesn’t mean you have to stay behind a locked door. Instead, by arming yourself with the right security, you can stay clear of danger and fully tap into the cloud’s potential.
The cloud and security are intrinsically intertwined, and only when both works in symbiosis can a business truly grow. There are five main areas where security can team up with the cloud to offer companies the greatest potential to thrive – and it isn’t hard to get it right.
5 Reasons to use the Cloud
Data is key and possibly the most important asset for organizations – a single breach or leak of sensitive data can cripple the entire business, so a data protection strategy must protect the data itself. In addition, the ability to move sensitive information into and throughout the cloud is essential for businesses to function and collaborate efficiently, quickly, and freely – but a comprehensive data protection strategy must support this ability. The trick is to protect data before it moves out of the enterprise or even enters the cloud at the moment of creation. Only by doing that can you ensure that any data source is comprehensively protected and the risk of potential exposure is minimized.
2.Regulatory compliance and data residency requirements
Sensitive data moved into and across cloud infrastructures can easily introduce additional complexity and cost to regulatory compliance – potentially costing thousands in fines and damaging reputations. Companies that ensure sensitive data is comprehensively protected can greatly reduce cost, complexity, and overall risk in meeting and maintaining regulatory compliance.
3.Scalability and flexibility
The cloud has opened up previously unseen opportunities for organizations to grow and expand quickly, smoothly, and with ease. With information immediately available wherever you are, the cloud offers the flexibility and scalability that in the past was an insurmountable obstacle for businesses restricted by their on-site resources. The key to successfully harnessing this opportunity is a flexible data security architecture that is adaptable across multiple applications and systems while not adversely impacting the user experience. Failure to put a comprehensive, data-centric protection program can cause cloud initiatives to be delayed or fraught with hidden security issues.
This element is two-fold. First, reap the powerful cost savings by only paying for what you use. The second element is that most cloud computing platforms provide the means to capture, monitor, and control usage information for accurate billing. Thus, a single, comprehensive data protection platform can eliminate the threat of risky fines from compliance breaches or data loss while also reducing the need to invest in multiple security tools.
5.Access to data anytime, anywhere
Enhancing the opportunity to drive business innovation, the cloud provides remote access to your infrastructure 24/7 for your workforce. No longer will you arrive for a meeting only to find the materials on your USB stick are a previous version. Instead, you access the original file wherever you happen to be. Sales teams can check stock levels in real-time. An employee stuck at home waiting for a delivery or in an airport waiting for an ash cloud to disperse can still work as effectively as in the office.
With so many key business benefits of the cloud depending on security, users would be easily be misled into believing the cloud should have a host of restrictions to address its safety issues. But the truth is, it all comes back to the data. A single framework that comprehensively protects all enterprise data from the point of creation and throughout its lifecycle can eliminate practically all potential security hazards that could threaten the cloud.
5 Tips for Cloud Security
1. Leverage data-centric encryption
By encrypting data (regardless of type or source) at capture and protecting it throughout the entire lifecycle wherever it moves, data can be used safely across the enterprise and in the cloud without needing to encrypt and decrypt each time it enters different IT environments.
2.Maintain referential integrity
Format-preserving encryption (FPE) retains the initial structure and format of the data set, encrypting the data while ensuring the structure fits into existing systems without requiring changes in IT infrastructure. FPE also preserves the ‘referential integrity of the data, which allows it to be analyzed in a protected state without decrypting it first.
3.Ensure high-performance processing
High performance results from eliminating manual encryption and decryption processes as data moves through the enterprise, removing database performance bottlenecks. A data protection strategy can be done locally at the application, database, or web server level and includes encryption and tokenization allows an organization to dynamically protect terabytes of data without introducing complex procedures, additional technology, or interrupt the current business process.
By giving users or applications, permission to decrypt or de-tokenize directly – linking to enterprise data access rules and policies – the extension of enterprise controls into the Cloud can be enabled, and user management is simplified.
Tokenisation is substituting sensitive data with non-sensitive values and is one of the prescribed data protection methods recommended under industry regulations, including PCI DSS. Stateless tokenization eliminates the token database and any need to store sensitive data and the keys that map the tokens to the initial sensitive data. This allows organizations to address data residency efficiently. Organizations should maintain privacy requirements (nationally or internationally) as a user’s sensitive data is in a valid jurisdiction with only a representation of the data being moved. In-scope data can be securely moved and stored across cloud environments and only decrypted and used within jurisdictions permitted.
When utilized correctly, cloud computing capabilities offer numerous opportunities to drive business innovation. Recent technology and social connectivity trends have created a perfect storm of opportunity for companies to embrace the power of the cloud to upgrade their existing business models. Could you join them?
Dave Anderson is the Director of Strategy at Voltage Security – Article originally posted to IT Pro Portal.