Classes are officially in session. What better time than the start of a new school year to brush up on your cloud security knowledge?
According to the Research and Markets’ Global Security Services Market 2015-2019 report, the market for security products and services is growing globally and demand for cloud-based security is leading the charge. With security threats on the rise, cloud security is obviously a top concern for many organizations across a myriad of industries.
As the number of products and services available continues to increase, companies can lose sight of the basic cloud security components that are key to implementing a successful plan. In this slideshow, Perspecsys, a Blue Coat company, offers five lessons to help you touch up on your cloud security facts.
Cloud Security Q&A
Question #1: What technology solves data residency, data privacy and data security challenges for enterprises that are using cloud applications?
The Answer: Tokenization
Tokenization is one of the strategies that organizations consider when they are looking to protect sensitive data at rest, in the cloud or in transit. Tokenization is the process of taking a sensitive data field and replacing it with a surrogate value called a token. De-tokenization is the reverse process of replacing a token with its associated clear text value.
You may be wondering how tokenization differs from encryption. With tokenization, the original data is completely removed, while with encryption, the encrypted data still bears a relationship to its unencrypted form. Tokenization tends to be more flexible in its length and format, compared to traditional encryption techniques. Additionally, tokens cannot be returned to their corresponding clear text values without access to a secured “look-up” table that matches them to their original values. Unlike encrypted values, tokens can be generated so they do not have any relationship to the length of the original value.
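The tokenize and de-tokenize round trip described above, as an added example that is not Perspecsys code: the `TokenVault` class, the helper functions and the sample record are hypothetical, and an in-memory dictionary stands in for the secured look-up table.

```python
import secrets

class TokenVault:
    """In-memory stand-in for the secured look-up table (hypothetical design)."""

    def __init__(self, token_bytes=8):
        self.token_bytes = token_bytes  # token length is fixed, whatever the input
        self.by_token = {}              # token -> clear text (must stay on-premises)
        self.by_value = {}              # clear text -> token, so repeats map to one token

    def tokenize(self, value):
        if value in self.by_value:
            return self.by_value[value]
        while True:
            # Random surrogate: not derived from the value, so nothing to reverse.
            token = "tok_" + secrets.token_hex(self.token_bytes)
            if token not in self.by_token:  # retry on the (unlikely) collision
                break
        self.by_token[token] = value
        self.by_value[value] = token
        return token

    def detokenize(self, token):
        if token not in self.by_token:
            raise LookupError("token not present in this vault")
        return self.by_token[token]


def protect_record(vault, record, sensitive):
    """Copy of record with the sensitive fields tokenized, as sent to the cloud app."""
    return {k: vault.tokenize(v) if k in sensitive else v for k, v in record.items()}


def restore_record(vault, record, sensitive):
    """Reverse step, run inside the enterprise when the record comes back."""
    return {k: vault.detokenize(v) if k in sensitive else v for k, v in record.items()}


# Constructed sample record; the field names and values are made up.
SAMPLE = {"name": "Alex Example", "national_id": "000-00-0000", "country": "CA"}
SENSITIVE = {"name", "national_id"}

if __name__ == "__main__":
    vault = TokenVault()
    outbound = protect_record(vault, SAMPLE, SENSITIVE)
    print("sent to cloud:", outbound)
    print("restored     :", restore_record(vault, outbound, SENSITIVE))
```

Both tokens come out the same length even though the clear text values differ in length, and a vault that never issued a token cannot resolve it.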
Question #2: Name a security and compliance method to protect cloud data from cyber threats and vulnerabilities.
The Answer: Encryption
As most of you are well aware, encryption is a process used to protect information in transit and storage, including sensitive data processed and stored through networks, the Internet, and mobile and wireless systems. It uses an algorithmic scheme to transform plain text information into a non-readable form called ciphertext. The reverse process, decryption, decodes the information from its encrypted form back to plain text. To prevent unauthorized access to plain text data, the mathematical algorithm requires a secret value, called a key, in order to encrypt or decrypt the data properly.
Cloud encryption is used to safeguard sensitive information stored and processed through networks, the Internet, and mobile and wireless devices. In the cloud, encryption algorithms are used to protect outgoing data, so that information is not vulnerable once it’s outside an enterprise. Data encryption is commonly used to achieve compliance with industry regulations, including HIPAA and PCI DSS, and is an essential cloud data security tool for organizations using popular SaaS applications.
Question #3: When enterprises move applications from on-premise to cloud-based, what is a challenge that arises concerning the treatment of sensitive data?
The Answer: Data Compliance
Data compliance for the cloud refers to ensuring that data going to the cloud is protected in a way that meets all relevant standards and regulations – whether set by industry or geographic area. Depending on the industry, there are often specific regulations for how an enterprise should handle personal information and other sensitive data. Some key U.S. data regulations include: Retail – PCI DSS, Healthcare – HIPAA & HITECH, Financial – GLBA, Government – FISMA & FedRAMP and others. In addition, many countries have their own cloud data regulations and laws, and these also differ depending on the country. For example, it’s generally said that the European Union safeguards personal information more proactively than the United States.
To meet data compliance regulations and standards, an enterprise should become familiar with and learn how to utilize data-centric security tools that work in and outside of their firewall. Encryption and tokenization are useful for meeting strict or complex data regulations and supporting the enterprise in meeting its cloud data compliance needs.
Question #4: What term has the definition “maintaining control over the location where regulated data and documents physically reside”?
The Answer: Data Residency
Cloud data residency (also called data sovereignty) refers to the physical location where data actually resides. With cloud adoption, residency is ultimately determined by the geographic location where data is stored. Cloud service providers (CSPs) may have data centers all over the world, so it is these locations that matter most to enterprises concerned with complying with residency laws.
With recent revelations about government surveillance of online data and many high-profile data breaches, there is understandably a focus on how to best protect sensitive data going to the cloud. Many enterprises face a growing set of data compliance regulations. Some of these laws or rules are specific to data residency.
Privacy and data residency requirements vary by country and may include specifics around what types of data may leave a country’s borders and what must remain physically within the country. Enterprises adopting the cloud need to consider the rules that cover each of the jurisdictions they operate in, as well as the rules that govern the treatment of data at the locations where the CSP operates. Restrictions around data residency may make it more challenging for an enterprise to adopt certain cloud applications, and many are seeking out solutions for keeping data resident, regardless of the CSP selected.
Question #5: What is Gartner’s term for on-premise or cloud-hosted software that acts as a control point to secure cloud services?
The Answer: Cloud Access Security Broker (CASB)
As enterprises follow the flow of data to the cloud, it quickly becomes apparent that maintaining control of sensitive data is often a difficult task. Decision makers in enterprise IT need a solution that will bring their situation back into balance – enabling cloud adoption without loss of data control. A newer segment of technologies that Gartner calls “cloud access security brokers” (CASBs) has emerged in recent years as an enabler of critical, meaningful and deeper enterprise cloud adoption.
Today, CASBs can take different forms. Increasingly, a well-planned data privacy and protection program for the cloud incorporates CASB capabilities. No matter what stage of cloud adoption an enterprise is in, a thorough vetting of the different CASBs available will be important to address key security issues, including data residency concerns, industry compliance, visibility on cloud usage and internal security best practices.