What Are the Different Types of Cloud Encryption?
There are three broad types of cloud storage encryption:
- Data-at-rest encryption protects stored information that isn’t actively being moved or used. This includes data stored on cloud servers, local stacks and user devices.
- Data-in-transit encryption defends information on the move. In practice, this means protecting data as it moves to and from cloud storage and as it’s transmitted between end-user devices on your network.
- Data-in-use encryption helps secure information even when it’s being actively used by staff for business applications.
For Vanover, “in-transit and at-rest encryption are table stakes today. Data-at-rest encryption is the bare minimum.” Both are relatively easy to deploy: companies can either apply third-party encryption services to existing data in the cloud or leverage encryption services offered by their cloud providers. Data-at-rest encryption provides solid security for stored information that isn’t being actively used, while data-in-transit encryption is now critical to defend against common threat vectors such as eavesdropping and man-in-the-middle attacks.
Data-in-use encryption comes with a higher bar to entry since data must be decrypted on a per-user basis. Here, the key to security success lies with robust access management applications and policies that restrict data access by role, in turn limiting the number of data decryption requests.
What Are the Benefits of Cloud Storage Encryption?
According to Nick Brackney, senior consultant for cloud marketing at Dell Technologies, the benefits of cloud encryption don’t exist in isolation but are “part of a defense-in-depth strategy that leverages a shared responsibility model.”
This starts with data classification: determining what data must be protected and which type of encryption offers the best fit. For example, historical financial data kept for compliance and stored on a cloud server may benefit from data-at-rest encryption, while resources used regularly by remote workers may require more in-depth encryption to ensure end-to-end protection.
Enterprises must also decide if they’re best served providing their own encryption or relying on cloud providers. “Some companies are bringing their own encryption to the cloud; some use the cloud provider,” says Brackney. Both are viable methods, but he notes that “it’s better for the company rather than the vendor to hold the encryption keys. If the vendor has the keys, your data is at risk of being exposed and you may not even know it.”
What Challenges Come with Cloud Encryption?
For Brackney, deploying effective cloud storage encryption isn’t just about the technology itself. “If you’re going to make this transformation,” he says, “it requires new processes and policies. You need to bake in the security knowledge and culture.”
Vanover, meanwhile, highlights the challenges of rapid cloud transitions for many companies, noting that “in March 2020 a lot of organizations had a hard decision to make when it came to the cloud: Do we do it right, or do it right now? They had to do it right now.” As a result, it’s now critical for companies to evaluate their encryption landscape to ensure the solutions they have in place are delivering on defensive outcomes. “This is a balancing act between risk and resiliency,” he says. “We need to have our data and services but also need them to be as secured as possible.”