A report released by the Ponemon Institute in Traverse City, Michigan reveals that nearly 74 percent of cloud consumers believe the cloud provider is the most responsible for protecting their data, while an alarming 63 percent of respondents aren’t even sure what cloud providers are doing to protect their sensitive or confidential data. These conflicting statistics may reflect the confusion surrounding the cloud, compliance and data security.
Considering nearly 50 percent of organizations currently transfer sensitive or confidential data to the cloud (and another 33 percent are likely to in the next two years), cloud security should be paramount to not only satisfy corporate compliance laws and regulations, but to also prevent a data breach.
Specifically addressing Encryption in the Cloud, the study also examines where data encryption is applied:
- 38 percent rely on encryption of data as it is transferred over the network between their organization and the cloud
- 35 percent encrypt data before it reaches the cloud provider
- 27 percent rely on encryption in the cloud
Encryption takes plaintext (your data) and uses an algorithm to encode it into scrambled ciphertext that is unreadable unless a cryptographic key is used to convert it back.
Why is encryption so important for data security? Even if an intruder could gain access to your network or even a mobile device containing sensitive data, the data would be unreadable unless they also had access to the encryption key that unscrambles the data.
Additionally, for healthcare organizations that must meet HIPAA compliance, encrypted data that is breached is not subject to the Department of Health and Human Services’ Breach Notification Rule.
Encryption is also required by PCI DSS compliance for organizations that collect credit cardholder data – specifically to protect PANs (Primary Account Numbers) anywhere they’re stored. This includes on mobile digital media, backups and logs.
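An added example, not from the original article or the study: encrypting a record on the client before it reaches the cloud provider (the second option in the list above), using AES-256-GCM from the built-in Node.js `crypto` module. The function names, the object name `records/sample-1` and the sample record are assumptions made up for illustration.

```javascript
const crypto = require('node:crypto');

const IV_LEN = 12;  // 96-bit nonce, the size GCM is designed around
const TAG_LEN = 16; // 128-bit authentication tag
const GCM = { authTagLength: TAG_LEN };

// Encrypt locally; only the returned blob (iv || tag || ciphertext) is uploaded.
// The key never leaves the data owner. objectName is a hypothetical storage
// path, bound as associated data so one object's blob cannot stand in for another.
function encryptForUpload(plaintext, key, objectName) {
  const iv = crypto.randomBytes(IV_LEN); // never reuse an IV under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, GCM);
  cipher.setAAD(Buffer.from(objectName, 'utf8'));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Reverse the operation after download. final() throws if the key, the
// object name, or any byte of the blob differs from what was encrypted.
function decryptAfterDownload(blob, key, objectName) {
  if (blob.length < IV_LEN + TAG_LEN) throw new Error('blob too short');
  const iv = blob.subarray(0, IV_LEN);
  const tag = blob.subarray(IV_LEN, IV_LEN + TAG_LEN);
  const body = blob.subarray(IV_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, GCM);
  decipher.setAAD(Buffer.from(objectName, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// True when decryption is refused (wrong key, wrong object, or tampering).
function isRejected(blob, key, objectName) {
  try {
    decryptAfterDownload(blob, key, objectName);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed sample record, not real data.
const key = crypto.randomBytes(32); // 256-bit key kept by the data owner
const record = Buffer.from('name=Sample Patient; note=constructed test record');
const stored = encryptForUpload(record, key, 'records/sample-1');
console.log('stored blob (hex):', stored.toString('hex'));
console.log('right key recovers:', decryptAfterDownload(stored, key, 'records/sample-1').toString());
console.log('wrong key rejected:', isRejected(stored, crypto.randomBytes(32), 'records/sample-1'));
```

Because the key is generated and held on the client, anyone who obtains the stored blob from the provider side sees only the IV, tag and ciphertext.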
For a completely secure cloud, ask your cloud provider what their infrastructure can provide for full encryption of your data at rest.
Securing your backups and creating a disaster recovery plan is another step to protecting your data in the cloud – read our Disaster Recovery white paper for more about different disaster recovery and offsite backup technical solutions, from traditional to virtualization (cloud-based disaster recovery), as well as considerations in seeking a disaster recovery as a service solution (DRaaS) provider.
A case study of the switch from physical servers and traditional disaster recovery to a private cloud environment details the differences in cost, uptime, performance and more. This white paper is ideal for executives and IT decision-makers seeking a primer as well as up-to-date information regarding disaster recovery best practices and specific technology recommendations.
Encryption in the Cloud (PDF)