For several years, the rate of cloud adoption has been steadily growing as businesses of all sizes realise its numerous cost and productivity benefits. The emergence of COVID-19 and the ongoing disruption to traditional office-orientated business models, however, have driven adoption levels to unprecedented heights. In fact, Microsoft CEO Satya Nadella recently claimed that his company saw two years of digital transformation in just two months at the start of the pandemic, with cloud adoption playing a huge role in that.
With cloud adoption now on a steep upward trajectory, businesses are increasingly focused on its security, and what they must do to protect their sensitive data once it leaves the safety of on-premises storage servers. One of the best solutions currently available — cloud encryption — warrants closer examination. This article will explore the benefits of cloud encryption in more detail, as well as some of the challenges associated with it, before laying out some cloud encryption best practices to follow to ensure data protection at all times.
What is cloud encryption?
Cloud encryption is an umbrella term describing the range of different solutions that encrypt data before it’s transferred to the cloud for storage. Many cloud storage providers offer some form of cloud encryption as part of their services, with applications ranging from encrypted connections to limited encryption of only sensitive data, to full end-to-end encryption of anything/everything that’s uploaded. In all these models, the cloud storage provider will encrypt the data upon receipt and then share the encryption keys with the customers, allowing them to securely decrypt it whenever required.
What are its key benefits?
Encryption is widely seen as one of the most secure approaches to cloud data protection because it scrambles the contents of any file, system or database in a way that makes it almost impossible to decode without the correct decryption key. As such, by applying robust encryption to their sensitive data and maintaining good decryption key management practices, businesses can fully safeguard sensitive data even after it leaves the physical premises.
Should any encrypted sensitive data get stolen, copied, or lost, anyone trying to access it will find it completely unreadable without the relevant decryption key, stopping them firmly in their tracks. This is particularly beneficial for data stored in the cloud because it means that even in the event of an account, system, or even provider being compromised, everything remains fully protected.
Cloud encryption is also extremely useful for any organisation that operates in regulated sectors/industries such as financial services. This is because encryption, when combined with a range of other security measures, allows businesses to enjoy the benefits of the cloud while also meeting the strict compliance requirements for things like the Payment Card Industry Data Security Standard (PCI-DSS) and the General Data Protection Regulation (GDPR).
What are its primary challenges?
Uptake is perhaps the biggest challenge currently associated with cloud encryption. Despite its undoubted effectiveness, cloud encryption still remains somewhat under-adopted. Fortunately, this is changing as more organisations ask their cloud providers to deliver better levels of security and regulatory compliance. Even with this progress, however, uptake remains below the level many security experts expect.
Why is this? A big reason is cost. Encryption can be expensive for cloud storage providers because of the additional bandwidth required to encrypt data before moving it to the cloud. Many providers look to pass this cost onto customers, making it unattractive.
As a result, many providers only offer limited (and therefore, cheaper) cloud encryption services, while cloud customers often prefer to simply encrypt their data on-premises before moving it to the cloud. Some cloud customers will choose this approach regardless because it saves costs and it can be more convenient to keep the entire encryption process in their environment.
Tips to ensure cloud encryption best practice
For organisations looking to increase their cloud encryption activity, there are a few things to consider to maximise effectiveness.
- Choose your cloud provider wisely: When selecting a cloud storage provider, it’s important to start by identifying all sensitive data that will be moved to the cloud and mapping out the security needs associated with it in advance. Pinpoint everything that needs protecting and only go with a provider that offers a suitable level of encryption to meet these needs.
For example, a media and production business using cloud storage for video footage may only need encryption for specific account credentials — not for any of the material being uploaded to the cloud. Conversely, a software development company using cloud storage services to share IP and source code would need a much higher level of security, so is better suited to a provider offering end-to-end encryption.
- Look after your keys: Effective management of encryption keys (both those owned by a business and those provided by cloud providers) is critical. All keys should be kept well away from the data they are associated with, with any backups stored offsite and audited regularly. Keys should also be refreshed on a regular basis, particularly if they expire automatically after a set amount of time.
Some organisations choose to encrypt keys themselves but doing so can create unnecessary layers of complexity. Another best practice for key management is to implement multi-factor authentication for both the master and recovery keys, for added peace of mind.
With cloud adoption currently skyrocketing because of the pandemic, there’s a renewed focus on ensuring any sensitive data being transferred and stored is truly secure. One of the most effective ways to achieve this is using cloud encryption, and there’s a growing range of providers and applications out there to help businesses achieve the level of security they need and desire. While not without its challenges, a well-planned, well-implemented cloud encryption solution can help businesses enjoy all the benefits of the cloud, while ensuring highly sensitive data is kept away from prying eyes and hands.