In this blog post, you’ll learn about the best approach to using cloud-hosted services for managing and storing your data while retaining full control over who can access it – in the cloud or anywhere else.
Data Encryption as the game changer for cloud utilization
Protection of sensitive information and the need for privacy and compliance are the main driving forces for data protection solutions. The growing popularity of technologies like cloud computing, with its challenging implications for privacy, makes the need even more acute as more and more organizations consider hosted services as an alternative to on-premises solutions.
Data encryption can help you use cloud-hosted services without compromising the privacy or confidentiality of your data. Below, we address the ownership of encryption keys and why it is especially important in cloud-hosted scenarios.
The findings from this blog post apply to all sorts of hosted solutions, foreign-hosted clouds, hybrid clouds, as well as sovereign clouds.
What exactly is cloud data storage?
Cloud data storage is a service in which a hosting provider offers data storage on its hosted infrastructure. The service provider operates and maintains all infrastructure necessary for providing that data storage service, enabling customers to store, retrieve, and manage their own data securely and efficiently. As a result, the provider and possibly other parties may have access to all data stored through the service.
Approaches for keeping data secure in hosted environments
Data owners hold the legal rights to and responsibility for every piece of data they own. They are responsible for defining who may access the data and what they can do with it. This may either be in their own interest or a requirement to comply with regulations. In most cases, the data owner is the organization or individual that has collected or created the data. Encryption allows data owners to enforce these decisions while maintaining control over who can access the data.
Client-Side Encryption
Client-side encryption refers to encryption that is performed outside of any of the cloud provider’s services. In such a scenario, data is encrypted on the endpoint before it is transmitted to the service provider. Therefore, it protects the data from access by unauthorized persons or entities, whether during transmission or at rest at the service provider.
Client-side encryption helps with:
- Data protection
- Cloud storage
- Privacy and confidentiality
- Compliance
- Data loss prevention
Key Custody
Key custody refers to the management and safekeeping of cryptographic keys. Self-custody is a model where an individual or entity holds and manages access to all their keys. It ensures complete control over who can access the keys and when. This includes the ability to remove assigned keys and consequently revoke access to the data.
Key custody enables secure key protection and key access management, enhancing the security of the encrypted data.
Why you should combine client-side encryption and key custody for complete data protection
Encryption ensures the confidentiality and integrity of your data and protects it from unauthorized use or loss. Client-side encryption with data and keys hosted by a third party is definitely a step in that direction but runs the risk of having both – data and keys – accessible by someone else. The same holds true for self-custody if keys are made available to third parties for performing the encryption. Only the combination of client-side encryption and the use of keys from a self-custody model can protect data from unauthorized access.
Protection of cloud-stored data is reliable and secure only if the data is securely encrypted and the encryption keys are securely managed and stored outside of the cloud environment. Only then are you fortified against all types of unauthorized access.
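The combination described above can be sketched in code. The following is an added example, not Utimaco product code: it assumes AES-256-GCM envelope encryption (the post names no algorithm), and `OwnerKeyStore` is a hypothetical in-memory stand-in for a key manager that stays under the data owner's control.

```javascript
const crypto = require('crypto');

// AES-256-GCM helper: returns IV, ciphertext and authentication tag.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Hypothetical key store held by the data owner, outside the cloud provider.
class OwnerKeyStore {
  constructor() { this.keks = new Map(); }
  create(keyId) { this.keks.set(keyId, crypto.randomBytes(32)); }
  revoke(keyId) { this.keks.delete(keyId); } // removing the key revokes data access
  wrap(keyId, dek, aad) { return seal(this.kek(keyId), dek, aad); }
  unwrap(keyId, wrapped, aad) { return open(this.kek(keyId), wrapped, aad); }
  kek(keyId) {
    const k = this.keks.get(keyId);
    if (!k) throw new Error('key unavailable: ' + keyId);
    return k;
  }
}

// Endpoint side: encrypt before upload. The returned object is all the provider stores.
function encryptForUpload(store, keyId, name, plaintext) {
  const dek = crypto.randomBytes(32);              // fresh data key per object
  const body = seal(dek, plaintext, name);         // object name bound as AAD
  const wrappedDek = store.wrap(keyId, dek, name); // data key never leaves in the clear
  dek.fill(0);
  return { name, keyId, body, wrappedDek };
}

// Endpoint side: decryption needs the owner's key store, not the provider.
function decryptAfterDownload(store, obj) {
  const dek = store.unwrap(obj.keyId, obj.wrappedDek, obj.name);
  try { return open(dek, obj.body, obj.name); } finally { dek.fill(0); }
}
```

The provider holds only `body` and `wrappedDek`; once the owner calls `revoke`, neither the provider nor anyone else can recover the plaintext from what is stored.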
Better Together – Utimaco’s solutions for reliable client-side encryption
Sensitive information stored in the cloud must be protected. A layered approach including strong access control and encryption is essential for achieving the required level of protection. With its client-side encryption, Utimaco’s LAN Crypt File and Folder Encryption offers a viable means of ensuring protection for data stored in hosted cloud environments.
With Enterprise Secure Key Manager, Utimaco provides the ideal solution for self-custody of the encryption keys, helping you to ensure that keys are never passed on or shared with the hosting provider or any other third party. In combination, LAN Crypt File and Folder Encryption and Enterprise Secure Key Manager are the right tools to ensure that data always remains protected, regardless of where it is stored, and is accessible only to authorized persons.
Watch the recording of our webinar, providing insights into how both solutions work together.
