Dedicated to Providing Insight Into the Enablement of Cloud Hosting Environments.

Cloud Hosting Journal

Subscribe to Cloud Hosting Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloud Hosting Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Cloud Hosting Authors: Vaibhaw Pandey, Matt Brickey, Harry Trott, Yeshim Deniz, Liz McMillan

Related Topics: Cloud Computing, Memopal, Compliance Journal, Government News, Cloud Hosting & Service Providers Journal, Cloud Backup and Recovery Journal, Platform as a Service, Sarbanes Oxley on Ulitzer, Java in the Cloud

Blog Feed Post

What Types of Data Require Cloud Encryption?

Encryption is more important in the cloud than in the physical data center

Government laws and industry regulations in the United States and around the world mandate protection of sensitive data. Data must be secure when at rest, during transactions and when it transverses network connections. Each industry has specific regulations, which are commonly used in data centers and should be used in the cloud as well.  Whether cloud encryption is demanded by your government, your industry, your customers, or simply your own good business sense – it is a best practice for any business that operates in the cloud.

encrypted cloud storage Cloud Encryption  cloud encryption data What Types of Data Require Cloud Encryption?Encryption is more important in the cloud than in the physical data center. This is, quite simply, because clouds do not have walls like data centers do. Encryption is an excellent solution for creating a mathematical replacement for physical walls – keeping data secure and private, and keeping the bad guys out.

The following types of data are especially susceptible and should always be encrypted by the enterprises and organizations that store it:

  • Financial data – Any kind of financial data, such as credit card information, bank account numbers and credit-related information must be protected. Throughout the world, PCI DSS regulations require strict security measures for any company that deals with credit cards.
  • Public company accounting – For publically traded companies, the Sarbanes-Oxley rules regulate the reporting of financial data by public companies and require auditable security measures.
  • Health data – Information about health insurance, medical care and personal data like Social Security numbers or home addresses must be kept private. US guidelines for this type of data are mandated in the HIPAA regulations (updated in 2013).
  • Individual data – Any information which can be used for identity theft or other illegal activities, such as addresses, phone numbers and Social Security numbers must be protected as well. A number of US states and European countries have laws governing Personally Identifiable Information (PII).
  • Government data – All USA governmental agencies are required to follow FISMA guidelines to protect data from security breaches. Information about government programs falls under these regulations.
  • Military data – This is, of course, a part of the government, but with its own unique and even more stringent requirements.
  • Confidential business data – While unregulated, this type of data is often the target for the most sophisticated attacks. This is because it is worth billions. Trade secrets, business intelligence, research and sales data as well as information about customers need to be kept private.

Encrypted cloud storage

The best way to protect sensitive data in the cloud is through encrypted cloud storage. Cloud encryption services provide protection of the data wherever it is located in the cloud. Since even the most secure networks can occasionally be breached, it is important to encrypt data so that even if files are hacked, they cannot be read. Cloud encryption companies are experts in stopping security breaches; it is their job to continually update and monitor their services to ensure good security.

At Porticor, an extra measure has been taken: a patented technology called homomorphic key management, which keeps private data outside the hands of even the cloud provider. The master keys are in the hands of the company who owns the data and cannot be deciphered by anyone else.

More information about homomorphic key encryption is available in our whitepaper.

The post What Types of Data Require Cloud Encryption? appeared first on Porticor Cloud Security.

Read the original blog entry...

More Stories By Gilad Parann-Nissany

Gilad Parann-Nissany, Founder and CEO at Porticor is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (CTO Small Business); contributing to several SAP products and reaching more than 8 million users. Recently he has created a consumer Cloud at G.ho.st - a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.