Effective Encryption of Cloud Resources
As cloud infrastructure and services take over the corporate IT environment, sophisticated data breaches continue to increase in number. With the proliferation of off-premise IT infrastructure, it has become indispensable to fortify digital assets in the cloud. Going by the adage— security is only as strong as its weakest link—organizations must pinpoint and strengthen the weakest links in their security measures and programs to effectively thwart the possibilities of data leaks in the cloud.
Potential data loss can occur due to multiple reasons: unencrypted data in transit or at rest and unprotected encryption keys being the major ones. In case of data in transit—between cloud and on-premise or user devices, two different clouds, or two applications running on separate servers—encrypting the data is critical in making it difficult to intercept and breach. Hackers can also discern an easy entry to data at rest by illegally accessing the storage if the data is not encrypted. Failing to encrypt data with effective key protection and inadequate security of master keys are other important concerns that organizations are in dire need to address.
The question that arises is how should organizations confront these challenges to ensure a resilient security posture that can obstruct modern-day threats? Enforcing authenticated and authorized access to cloud data and encrypting sensitive data at all stages are crucial. IPSec and TLS are secure data communication technologies that ensure the safety of data while in transit. For data at rest, enterprises must implement a combination of file, database, disk, and enterprise-level encryption depending upon the location of the data. Deviating from traditional key protection processes and measures, organization IT should adopt alternative key protection solutions that are better suited for the flexible software-defined environment of the cloud.
Cloud Computing Changing Management
By James Seevers, CIO & GM, Toyoda Gosei
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Bruce. D. Smith, SVP & CIO, Information Systems, Advocate...
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Bernd Schlotter, President of Services, Unify
By Patrick Hale, CIO, VITAS Healthcare
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Bill Dow, SVP and General Manager of Business Solutions,...
By Jim Whitehurst, CEO, Red Hat
By Darren Cockrel, CIO, Coyote Logistics, a UPS Company...
By Nathan Johnson, SVP and CIO, Werner Enterprises [NASDAQ:...
By David Tamayo, CIO, DCS Corporation
By Neil Hampshire, CIO, ModusLink Global Solutions, Inc....