computer keyboar with blue key with white cloud and blue padlock

Tackling Cloud Security with Encryption

Encypt your data in the cloud

When I talk with different businesses about their hurdles and reservations about moving to the cloud, the one thing that always comes up is security. Many businesses have trust issues with the cloud and they feel uneasy about the level of protection that their data and other computing resources may have in the cloud. While in a sense that may seem a bit overly paranoid because cloud vendors will all tell you that their data centers are far more secure than your data center ever will be, and that they have security specialists who rigorously follow all the security best practices.

Related: Microsoft Uses Security as the Latest Driver to Spur Cloud Adoption

Even so, in another sense from the personal perspective you can see that it really does require a big step of faith and a lot of trust in your cloud vendors to entrust them with your data. After all, you would be moving the data—which is essentially one of your organization’s most valuable assets—from your on-premises infrastructure which is 100 percent under your control to an off-premises hosting environment that is 100 percent not in your control. That requires trust.

Access Concerns

There are access concerns as well. To access on-premises data, users need to have access to your network. For many businesses, this requires a physical presence or at least a VPN connection. The ubiquitous nature of the cloud enables worldwide access given the appropriate authentication.

The recent NSA and PRISM scandal raised the concerns about cloud security to a whole new level. While vendors are working at assuaging customer’s security concerns, the news that the U.S. government has access to your data really doesn’t help sell cloud security. Based on a report from survey’s done by the Cloud Security Alliance, 56 percent of non-U.S. organizations stated they would be less likely to use a U.S.-based cloud provider because of these national security programs.

In a competitive global market, this kind of thing may give non-U.S. cloud vendors a bit of an edge. The overall impact the NSA and PRISM scandal has on cloud adoption is unclear, but one thing is clear: If you’re seriously considering the cloud, then you also need to seriously consider data security technologies.

It’s a certainty that cloud usage will continue to grow, but how do organization’s deal with these cloud security concerns? One of the answers is data encryption. These days data encryption isn’t just some arcane technology for spies or other covert operations. Data encryption can help to ensure that only authorized users can access your corporate data.

Ways to Encrypt Cloud Data

You can encrypt cloud data in a number of ways. The .NET Framework provides application level encryption and decryption methods. If you’re running a SQL Server database application in an IaaS offering like Amazon’s EC2 or Azure Infrastructure Services, you can take advantage of SQL Server’s Transparent Database Encryption (TDE) or column-level encryption capabilities. Oddly, this is only in an IaaS instance of SQL Server. The Azure SQL Database doesn’t support TDE or column level encryption.

If you’re interested in protecting data at the file system level and you’re running IaaS in the cloud, you can choose to use Windows Encrypting File System (EFS) or BitLocker. There are also some interesting third party products like StorSimple that offer hybrid storage solutions where a local storage appliance is seamlessly connected to encrypted cloud storage on the backend.

The bottom line: If you’re seriously looking at using the cloud as a data store, then encryption is a must if you want any real data security.

Related: Attention, IT Pros: You Can Help Evolve a Secure Cloud, Too

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.