Data in use is, effectively, the data that has been loaded into a process and is in the memory of the program that is running. In general, this data is in the clear while being processed and is typically not protected by techniques such as data-at-rest encryption provided by cloud service providers (CSPs).
The lifecycle of cloud data includes three phases: at rest, in transit and in use. Organizations need to focus on protecting the complete data lifecycle. There is a growing concern about securing data in use since new attack vectors are emerging that specifically target data in this phase.
Perspecsys explains that in general, this data is secure while being processed, however, it is typically not protected by techniques such as the in-cloud-based encryption provided by a cloud service provider. The recent Heartbleed exploit is a good example of a data-in-use attack. The Heartbleed attack exploited a vulnerability in OpenSSL, which allowed attackers to directly access the memory space of the affected process, leaking sensitive data in use such as usernames and passwords. Moreover, if the data in use is in the clear, it is technically feasible for a cloud service provider to "tap" the data in response to a request from a third party, such as law enforcement.
As usage continues to expand across industries around the world, it's apparent that even more mission-critical operations and services will be moved to the cloud in the coming years.
According to a recent survey from Business Cloud News, the majority of respondents are planning a significant increase in cloud adoption in the next two years. This predicted growth of the cloud begs some questions about the current state of the cloud, including the hidden sources of risk with public cloud usage.
While many enterprises are clearly realizing promised benefits, there are still challenges and a consistent set of concerns. Before companies can move a new process to the cloud or expand current deployments, they need to understand the risks. In this slideshow, Perspecsys, a leader in enterprise cloud data protection solutions, takes a closer look at five hidden sources of risk associated with public cloud usage.
Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ... More >>