There is a new “cloud war” being waged within enterprises. Executives craving cloud services as a less costly, more efficient and functional way to manage their business square off against IT departments losing sleep over very real risks of data security, not to mention privacy, residency and security compliance requirements. The distinct party line, and main barrier to cloud adoption, typically boils down to data security. In reality, the true barrier to cloud adoption isn't the security itself but understanding data security and knowing how to utilize solutions such as cryptography to protect sensitive information in a cloud infrastructure.
The way organizations conduct business today is evolving and the black and white line between data “inside the company” and “outside” is changing to gray. Exchanging information between employees, partners and vendors has become an essential requirement for many organizations, and a daily battle fought by all company executives against IT departments. However, the need for all parties to share their work across company lines highlights the need for keeping data secure - a sharpened arrow used by IT departments to fight back.
Cryptography helps support data security in this ever-changing environment by providing access to sensitive information to those that hold a “key” and renders the information useless to those who don't.
The main driver of cryptography segment is not business operations; rather, it is compliance with security requirements within regulatory statutes. This is most noticeable among financial institutions, retailers and the healthcare industry where strict regulations are in place to protect personal information. For example, according to the U.S. Department of Health & Human Services, protected health information (PHI) is rendered unusable, unreadable, or indecipherable to unauthorized individuals if appropriately encrypted.
The data that requires encryptions will vary for all businesses, even those within the same industry. IT teams must weigh several factors throughout this process but first should classify data into three categories (public, limited access and confidential) to have a better understanding of which sets are business critical. Then they should determine the longevity of the data and how long it will live in the cloud (the longer data resides in the cloud, the greater the likelihood it will require encryption). And finally, develop a data governance policy determining who can access the data, through what platforms and for how long.
While addressing regulatory demands is imperative, all companies should view cryptography as part of a larger program given the benefits. First, it reduces reliance on in-house applications and infrastructure for protecting data. Second, it provides the ability to scale security for solutions and staff to support a variety of business operations. Third, it facilitates free flow of information by reducing the organization's reliance on managed devices and allows end-users to employ the device they choose. Fourth, cryptography creates new collaboration models by allowing rapid migration of application and data to the cloud while protecting the data. Finally, it extends the organization's IT enterprise beyond its data centers by protecting data irrespective of its origin, the network path it traverses, and servers that stores the data.
Through these benefits and implementing cryptography as a larger program, company executives and IT departments can begin to seek a truce to this “cloud war” as it provides each what they are looking for – increased flexibility and efficiency, and overall data security.
Like any other technology, while there are multiple benefits of cryptography, no single solution fits all scenarios. Cloud data encryption is need-specific. A solution that works well in an Infrastructure as a Service (IaaS) cloud may not work well in a Software as a Service (SaaS) cloud environment. However, there are many benefits to IaaS that provide the flexibility and efficiency most organizations seek including: simplicity, as it offers the ability to streamline encryption that not only enables data storage in a specific location, but also to secure it and separate the encryption. There there's security, because instead of relying on each employee to encrypt data, IaaS facilitates the application. Lastly, speed, because as large amounts of data are encrypted, IaaS applies the power necessary to make the process fast and efficient
Ultimately, cryptography provides the last line of defense for a company's sensitive information. In order for cloud users to reap the benefits, IT decision makers need to be aware that cryptography is available, understand how to use it and identify the appropriate solution for their business. Only then will we finally see a truce in the cloud war.