01-27-14 | Blog Post
“I’ll take a large deep dish with pepperoni, banana peppers and … encryption.”
Yep, encryption is everywhere. Even at your local pizza shop, hopefully, if its owners heeded the advice offered in a recent PizzaMarketplace.com article titled ‘Why now is the time to upgrade your POS system.’ The author cites several industry executives discussing how the investment for an upgraded system is worth it compared to the flaws of outdated systems. One big reason: PCI compliance. Newer systems provide end-to-end encryption, cloud-based processing and tokenization, effectively eliminating all credit card data storage.
A particularly interesting nugget of information from that story: Laura Gaudin, product manager at Revention, tells the website that PCI compliancy is a moving target that will continue to change as software hackers discover new vulnerabilities.
Why is encryption so important at a data center? That question was already answered quite well by our co-CEO Mike Klein, in an Industry Perspectives article on Data Center Knowledge. Let’s recycle, shall we:
So why is encryption important? The short answer is that the regulations require it, and what regulators say goes. HIPAA has explicit rules about how encryption should be deployed in the data center and IT networks. PCI does, too, for protection of financial information. Sarbanes-Oxley is a little more coy about encryption. SOX language doesn’t explicitly mention encryption, but it’s impossible to achieve all of its security requirements without employing encryption technology. So all of the regulations are unanimous: Encryption isn’t negotiable.
It’s no surprise that encryption is a major focus of each of these regulations: Proper encryption can not only prevent security breaches, but also minimize the impact if a breach happens. If customer information or patient information is lost or stolen, encryption provides an additional layer of security that prevents bad guys from doing anything with that data. As a last line of defense, it can save companies millions of dollars in costs if a security breach does happen, and help them avoid costly fines, legal actions and negative publicity.
If encryption has so many benefits from a security perspective, why isn’t it ubiquitous? Because encryption in traditional corporate data centers is hard, expensive, prone to human error (with all the responsibilities related to key management, for example) and it creates performance bottlenecks that can make the phone ring off the hook for data center professionals. Those issues conspire to make encryption a major pain in the you-know-what in an enterprise data center environment, but it’s even worse in the cloud. Encryption in the cloud has even more technical challenges…and is even more expensive…and often has an even more pronounced impact on performance. Those drawbacks have discouraged companies from being aggressive about encryption, despite what the mandates say. In fact, less than half of companies that work under mandates like SOX, HIPAA and similar regulations have successfully implemented encryption processes in their cloud deployments.
You can read Klein’s full article, ‘How the Cloud Learned to Stop Worrying and Love Encryption,’ here. In it, he explains that Online Tech has developed an encrypted cloud that takes care of encryption steps for clients without those performance bottlenecks.
Our encrypted clouds don’t burden clients with key management, custom programming or third-party software that can slow down the performance of core applications. Hardware-based encryption is built into the SAN (storage area network), meaning data is encrypted as it’s being written to drives, and decrypted when read from drives with no impact on performance. That’s particularly important when hosting mission-critical applications in the cloud.
Automatic encryption at rest comes with every cloud, from a single cloud server to large enterprise cloud infrastructures. Data in transit is protected with SSL certificates, two-factor authentication and VPNs (virtual private networks).
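To make the "encrypted on write, decrypted on read" idea concrete, here is an added example (not Online Tech's code, and not a description of their SAN hardware) of a storage layer that encrypts transparently below the application. It assumes an in-memory map standing in for the drives, AES-256-GCM standing in for whatever the storage hardware uses, and a key that the storage layer generates and holds itself, so the tenant's application never manages keys. The block number is bound into the authentication tag, so a block cannot be silently relocated, and any tampering or a wrong key produces an error rather than garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Volume models a storage volume whose encryption lives in the storage layer:
// callers write and read plaintext, the backing store only ever holds ciphertext.
type Volume struct {
	aead    cipher.AEAD       // AES-256-GCM bound to this volume's key
	backing map[uint64][]byte // what actually sits on the drives: nonce || ciphertext || tag
}

// NewVolume creates a volume with a fresh random 256-bit key held by the storage
// layer, never by the tenant's application (hypothetical key handling for this example).
func NewVolume() (*Volume, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return NewVolumeWithKey(key)
}

// NewVolumeWithKey builds a volume around an existing 16/24/32-byte AES key.
func NewVolumeWithKey(key []byte) (*Volume, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Volume{aead: aead, backing: make(map[uint64][]byte)}, nil
}

// blockAAD binds a ciphertext to its block number, so a block copied to another
// position on the volume fails authentication instead of decrypting in the wrong place.
func blockAAD(n uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, n)
	return b
}

// Write encrypts the plaintext on its way to the drive with a fresh random nonce.
func (v *Volume) Write(n uint64, plaintext []byte) error {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := v.aead.Seal(nil, nonce, plaintext, blockAAD(n))
	v.backing[n] = append(nonce, ct...)
	return nil
}

// Read decrypts on the way back; a wrong key, a moved block or a flipped byte
// yields an error, never silently corrupted data.
func (v *Volume) Read(n uint64) ([]byte, error) {
	stored, ok := v.backing[n]
	if !ok {
		return nil, errors.New("block not present")
	}
	ns := v.aead.NonceSize()
	if len(stored) < ns {
		return nil, errors.New("corrupt block")
	}
	return v.aead.Open(nil, stored[:ns], stored[ns:], blockAAD(n))
}

// RawBlock is what someone holding the drives (or a storage snapshot) but not the key sees.
func (v *Volume) RawBlock(n uint64) []byte {
	return v.backing[n]
}

// ContainsPlaintext reports whether the raw storage leaks the given plaintext anywhere.
func (v *Volume) ContainsPlaintext(p []byte) bool {
	for _, raw := range v.backing {
		if bytes.Contains(raw, p) {
			return true
		}
	}
	return false
}

func main() {
	vol, _ := NewVolume()
	// Constructed sample record; not real cardholder data.
	rec := []byte("PAN=0000000000000000;EXP=01/99")
	_ = vol.Write(7, rec)
	got, _ := vol.Read(7)
	fmt.Printf("read back intact: %v\n", bytes.Equal(got, rec))
	fmt.Printf("raw storage leaks plaintext: %v\n", vol.ContainsPlaintext(rec))
	fmt.Printf("stored bytes for block 7: %d\n", len(vol.RawBlock(7)))
}
```

The point the post makes about encryption as a last line of defense is visible in `ContainsPlaintext`: a copy of the backing store without the volume key contains no usable record. The real performance argument (hardware offload in the SAN) is outside what this example can show; what it does show is the interface contract, that neither the application nor the client handles keys or ciphertext.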
Encryption isn’t the data security silver bullet – our full suite of technical tools is meant to be layered up to build a multi-faceted, complete data and application security solution. But all of our cloud hosting solutions are HIPAA, PCI and SOX compliant – meaning we undergo annual audits to ensure compliance on our end.
We can’t make the POS system at your favorite pizza chain – or any other organization, for that matter – completely compliant. But we know what we’re responsible for as your secure cloud service provider, and which requirements we can satisfy for your organization.