The Data Encryption Keeper

This blog post is sponsored by the Enterprise CIO Forum and HP.

Since next week is Halloween, and Rafal Los recently blogged about how most enterprise security discussions are FUD-filled (i.e., filled with Fear, Uncertainty, and Doubt) horror stories, I decided to use Tales from the Crypt as the theme for this blog post.

 

Tales from the Encrypted

One frightening consequence of the unrelenting trend of the consumerization of IT, especially cloud computing and mobility, is that not all of the organization’s data is stored within its on-premises technology infrastructure, or accessed using devices under its control.  With an increasing percentage of enterprise data constantly in motion as a moving target in a sometimes horrifyingly hyper-connected world, data protection and data privacy are legitimate concerns and increasingly complex challenges.

Cryptography has a long history that predates the Information Age, but data encryption via cryptographic computer algorithms has played a key (sorry, I couldn’t resist the pun) role in the history of securing the organization’s data.  But instead of trying to fight the future of business being enabled by cloud and mobile technologies like it was the Zombie Data-pocalypse, we need a modern data security model that can remain good for business, but ghoulish for the gremlins, goblins, and goons of cyber crime.

Although some rightfully emphasize the need for stronger authentication to minimize cloud breaches, data encryption is often overlooked—especially who should be responsible for it.  Most cloud providers use vendor-side encryption models, meaning that their customers transfer non-encrypted data to the cloud, where the cloud vendor then becomes responsible for data encryption.

 

The Data Encryption Keeper

However, as Richard Jarvis commented on my previous post, “it’s only a matter of time before there’s a highly public breakdown in the vendor-side encryption model.  Long term, I expect to see an increase in premium, client-side encryption services targeted at corporate clients.  To me, this will offer the best of both worlds, and will benefit both cloud vendors and their clients.”

I have to admit that in my own security assessments of cloud computing solutions, I have verified that the cloud vendor was using strong data encryption methods, but I didn’t consider that the responsibility for cloud data encryption might be misplaced.

So perhaps one way to prevent the cloud from becoming a haunted house for data is to pay more attention to who is cast to play the role of the Data Encryption Keeper.  And perhaps the casting call for this data security role should stay on-premises.

