Feb 03 2021

How to Keep Your Data Secure with Cloud Storage Encryption

With network environments expanding and data exploding, cloud encryption is a critical tool for keeping information secure.

Spurred by the double impact of an evolving global pandemic and the emerging benefits of Everything as a Service solutions, cloud adoption is gaining speed. The result is both a disparate and diffuse data environment: Information must be quickly disseminated to offsite devices across a growing network of interconnected and interdependent infrastructure.

One challenge: security. More data traveling quickly to more devices means greater room for error, making effective data defense a top priority. However, with IT teams already working at full speed to monitor and manage remote IT rollouts, they need solutions that deliver both immediate protection and long-term prevention.

Cloud storage encryption offers an ideal starting point. Let’s examine the basics of cloud encryption, including common applications, potential benefits, possible pitfalls and emerging market leaders.

MORE FROM BIZTECH: Learn how to move beyond security to achieve cyber-resilience. 

What Is Cloud Storage Encryption?

Cloud storage encryption — or simply cloud encryption — is the process of converting unsecured or “plain text” data to a more secure format using algorithms that methodically alter information to make it unreadable. Data is only accessible using a unique decryption algorithm, also called a key, which may be held by local IT, cloud providers or both. Encryption is often considered the first, best line of defense for data since it provides substantive benefits with relatively low costs and limited complexity.

Rick Vanover, senior director of product strategy for Veeam, puts it simply: “Companies should encrypt data in as many places as possible, and encrypt as early and as often as possible.” He recommends using proven encryption standards such as Advanced Encryption Standard 256 to help secure data. While other, more advanced options are available, Vanover notes that “AES 256 lets you extend to other components and seamlessly provide a mechanism to retrieve data.”

Vanover also highlights the benefits of streamlining the encryption process wherever possible, using what he calls integrated encryption. “If your backup application is writing to the cloud,” he says, “let it handle encryption. This creates less human interaction, plus you have it streamlined for the use of the application.”

What Are the Different Types of Cloud Encryption?

There are three broad types of cloud storage encryption:

  1. Data-at-rest encryption protects stored information that isn’t actively being moved or used. This includes data stored on cloud servers, local stacks and user devices.
  2. Data-in-transit encryption defends information on the move. In practice, this means protecting data as it moves to and from cloud storage and as it’s transmitted between end-user devices on your network.
  3. Data-in-use encryption helps secure information even when it’s being actively used by staff for business applications. 

For Vanover, “in-transit and at-rest encryption are table stakes today. Data-at-rest encryption is the bare minimum.” Both are relatively easy to deploy — companies can either apply third-party encryption services to existing data in the cloud or leverage encryption services offered by their cloud providers. Data-at-rest encryption provides solid security for stored information that isn’t being actively used, while data-in-transit is now critical to defend against common threat vectors such as eavesdropping and man-in-the-middle attacks.

Data-in-use encryption comes with a higher bar to entry since data must be decrypted on a per-user basis. Here, the key to security success lies with robust access management applications and polices that restrict data access by role, in turn limiting the number of data decryption requests.

MORE FROM BIZTECH: Learn what to look for to know if your organization has an insider threat problem.

What Are the Benefits of Cloud Storage Encryption?

According to Nick Brackney, senior consultant for cloud marketing at Dell Technologies, the benefits of cloud encryption don’t exist in isolation but are “part of a defense-in-depth strategy that leverages a shared responsibility model.”

This starts with data classification: determining what data must be protected and which type of encryption offers the best fit. For example, historical financial data kept for compliance and stored on a cloud server may benefit from data-at-rest encryption, while resources used regularly by remote workers may require more in-depth encryption to ensure end-to-end protection.

Enterprises must also decide if they’re best served providing their own encryption or relying on cloud providers. “Some companies are bringing their own encryption to the cloud; some use the cloud provider,” says Brackney. Both are viable methods, but he notes that “it’s better for the company rather than the vendor to hold the encryption keys. If the vendor has the keys, your data is at risk of being exposed and you may not even know it.”

What Challenges Come with Cloud Encryption?

For Brackney, deploying effective cloud storage encryption isn’t just about the technology itself. “If you’re going to make this transformation,” he says, “it requires new processes and policies. You need to bake in the security knowledge and culture.”

Vanover, meanwhile, highlights the challenges of rapid cloud transitions for many companies, noting that “in March 2020 a lot of organizations had a hard decision to make when it came to the cloud: Do we do it right, or do it right now? They had to do it right now.” As a result, it’s now critical for companies to evaluate their encryption landscape to ensure the solutions they have in place are delivering on defensive outcomes. “This is a balancing act between risk and resiliency,” he says. “We need to have our data and services but also need them to be as secured as possible.”

Which Companies Provide Cloud Encryption Solutions

The right technology provider goes a long way in bridging the gap between cloud data protection and performance. Some of the well-known companies providing cloud encryption solutions include:

  •   Symantec, which offers a multilayered security solution that includes endpoint security, system recovery and robust encryption.
     
  •   Dell EMC, whose comprehensive lineup of hardware and software solutions can optimize business operations, while encryption services such as PowerStore can help maximize data protection.
     
  •   Veeam, a leader in the cloud backups that offers best-of-breed encryption offerings to ensure critical recovery data is always defended.
     
  •   Kaspersky, which provides a complete and fully integrated security platform to help companies avoid malware threats, improve application control and enhance data encryption.

The bottom line: When it comes to cloud data defense and more encryption, doing it more often typically provides the best outcome. Vanover puts it simply: “If data leaves your site, it should be encrypted. This is amplified in the cloud. My advice is to restrict access and encrypt your data in the cloud.”

Getty Images/ dem10