Happy New Year, friends and colleagues. As we embark on this new journey of a cloud security tip each month, we are overwhelmed by the news of the recent Target data breach during the busy holiday shopping season. The breach affected 70 million customers, whose credit/debit card information, personal names, mailing addresses, phone numbers or email addresses may have been accessed by hackers.
Many of us are personally affected by Target’s exposure to fraud as consumers, but all of us are now asking questions as industry professionals responsible for the security of our data. How can we protect our critical business data from breaches like the one experienced by Target? As cloud security experts, we ask this question in the context of cloud infrastructure.
Cloud Encryption: The first critical step.
Target has claimed that the PIN codes used by consumer debit cards were encrypted. If they were properly encrypted, then hackers may have 70 million PIN codes that they cannot decipher and cannot use in any way. This is a classic case of encryption being used to achieve a sort of “Safe Harbor” – even if something goes wrong, the business can fall back on encryption as a line of defense.
Obviously, you cannot avoid storing, sending, or using information online. Online transactions are an integral aspect of our lives and businesses. Do you remember, or can you imagine, a world without online payment or email?
You are building your own mission-critical application, and like all of us, you want to leverage the technology of these digital times. As you do more and more in the cloud, you must manage systems that use multiple private and public locations, manage backups, recover from disasters, and provide your own customers with privacy.
The best practice for doing all this is, of course, Cloud Encryption. Cloud encryption forms a digital fortress around your important information. It is required for anyone who has sensitive data in the cloud.
Best of all, through proper management of encryption keys, you can defend all of the multiple copies inherent in modern systems (multiple clouds, multiple backups, multiple restore points) and ensure centralized control in a very distributed world.
Cloud Encryption: Which Data to Protect
So when we say ‘sensitive’ data, what do we mean? If you are wondering what types of data require cloud encryption, the list should include:
- Financial Data
- Public Company Accounting
- Health Data
- Individual Personal Data
- Government Data
- Military Data
- Intellectual property
- Legally sensitive information
- Confidential Business Data
Cloud Encryption: The Benefits
If your business operates in the cloud, there are many benefits to properly encrypting your data:
- Protect Data: Even if your systems are breached, your data remains inaccessible.
- Comply with Regulations: HIPAA, PCI, SOX, and EU regulations all require cloud encryption for businesses operating online.
- Save Reputation, Fines, and Bureaucracy: In the case of an attack (if it happened to Target, it can happen to you), if your data is properly encrypted, “Safe Harbor” can be achieved, and you will not suffer the damage to reputation, the heavy fines, and the reporting bureaucracy that a breach involves.
This year, we will discuss 12 important cloud security tips. Starting with Cloud Encryption in January is not a coincidence. Strong encryption is a fundamental building block of cloud security, and we wanted to cover it right away. As the months unfold, we will learn more about the Target data breach – the access point abused by the attackers, whether personal data was encrypted, the strength of the encryption used for the PINs, and the fallout…
Target is not alone. Data breaches happen every day. They happen to big companies and government agencies and they happen to small enterprises. The perpetrators come from the inside or attack the perimeter, the access points are different, the damage mitigation may change… but no matter the circumstances, proper cloud encryption can provide you with Safe Harbor.