/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsMCLEAN, USA: Today's CIOs and CISOs are facing continued pressure to adopt the cloud enterprise-wide while managing the increasing operational and security risks associated with it.
While the challenge can be daunting, a new report from research company Gartner Inc. highlights the role that encryption and tokenization technologies can play in helping enterprises adopt cloud services, even those in highly regulated industries or in regions with strict data sovereignty requirements.
The report, "Simplify Operations and Compliance in the Cloud by Encrypting Sensitive Data," recommends that CIOs and CISOs, "simplify audits such as the Payment Card Industry Data Security Standard (PCI DSS) when using cloud services by implementing access controls and encryption or tokenization of sensitive data."
Gartner highlights sector-based data compliance requirements, such as PCI DSS, as drivers for organizations to consider adopting encryption and tokenization technologies.
Regarding this issue, the report goes on to say that "an alternative is to avoid storing the data in those jurisdictions, such as the U.S. and U.K., which use legal access or interception of data through laws such as the USA Patriot Act and the U.K. Regulation of Investigatory Powers Act."
But the report cautions enterprises to clearly think through the implications of deploying these technologies in their environments.
Gartner's research helps enterprises understand these risks and highlights the following:
* Protect sensitive fields/columns while using cloud SaaS applications
* Do not store keys or use keys in other jurisdictions, or use a third party; otherwise the encrypted data could be accessed if the keys are available
* It is important to review the claims of vendors carefully due to the novel and unique implementations of encryption solutions... Enterprises should always check the claims of vendors that their solutions are based on proven security models
* When keys or tokens are managed on-premise, always check the impact on the access and availability of the cloud service provider (CSP) and the performance of appliances
* A growing best practice is emerging where enterprises encrypt data stored in the cloud and manage the keys locally.
PerspecSys views itself as unique in the security category that Gartner calls "Cloud Encryption Gateways" because the security solution provider claims that, it is the only provider in this category that enables organizations to use proven, validated encryption modules from companies such as Voltage Security, SafeNet, Symantec, McAfee and RSA as the gateway's encryption technique.
While leveraging these encryption modules, the PerspecSys says, its Cloud Data Protection Gateway simultaneously protects cloud data and preserves critical end-user functionality of cloud applications, such as sophisticated searching and reporting.
David Canellos, CEO of PerspecSys, said: "This Gartner report is timely because of the increased concern about data ownership and privacy in the cloud fueled by ongoing reports of data surveillance and the implications these revelations will likely have on future regulations and compliance mandates."
"The security strength of the underlying data protection techniques that an enterprise uses is critical. This is why PerspecSys has refused to use any of the weakened security approaches that the report urges CIOs and CISOs to fully understand. I'm astonished to see some competitors tell enterprises they need to use modes of encryption modules that have not been opened up to public scrutiny and do not have well-vetted security proofs when they want to preserve cloud application functionality," said Canellos.
Canellos further added, "This is a totally unacceptable position that opens these organizations to security risks as well as compliance and audit challenges. We do not force this tradeoff on our customers, which is why we are seeing our approach win in the marketplace."