09-25-13 | Blog Post
We just released our latest white paper, Encryption of Cloud Data! This paper discusses the different business drivers for using encryption, including compliance regulations, and the technical options available. Check out our other white papers:
Organizations seeking to protect sensitive and mission-critical data quickly realize that there is no single answer to keep all systems completely secure. Online data security is a complex, rapidly evolving landscape, requiring robust and layered protections. Encryption is one tool in a comprehensive defense in depth strategy to mitigate the risk of accidental and intentional data breaches.
Like every other technology tool, implementation must work within a broader digital ecosystem, without disrupting the purpose that the system was designed to fulfill. Evaluating the benefits of encryption against potential tradeoffs such as cost, performance, and ongoing maintenance is at the heart of determining the most effective and efficient means of using encryption.
First, a few basics:
What is encryption?
Encryption takes plaintext (your data) and encodes it into unreadable, scrambled text using mathematical algorithms, effectively rendering data unreadable unless a cryptographic key is applied to convert it. Encryption ensures data security and integrity, even if accessed by an unauthorized user, provided the encryption keys have not been compromised. Encryption can protect data in motion, referred to encryption in transit or encryption in flight, as well as at rest; meaning in storage. Encryption often occurs at multiple levels of a system, appropriate to the context of use and other system components.
Why use encryption?
Encryption is considered a best practice for any security-conscious organization, including those that need to meet specific industry compliance requirements such as HIPAA compliance for healthcare, PCI DSS compliance for ecommerce and retail, and SOX for financial reporting. Recurring data breaches are increasing, particularly in the healthcare industry that reports an estimated $7 billion loss due to data breaches. Even those organizations that determine their risk of data loss is minimal often choose encryption to mitigate the risk of having to report a data breach, since the loss of encrypted data may not be considered a reportable event if the encryption keys remain safe.
The increased cyber threats of hackers and data theft presents a strong case for employing encryption and infrastructure that both secures data while delivering strong computing performance for optimal data availability and reliability. In this white paper, different types of encryption will be discussed, including using encryption in the cloud.
Although encryption is not a silver bullet of data or system security, it is one key tool that can be accompanied by a full arsenal of security services for a layered-defense approach to ensuring data is protected, even if accessed by unauthorized individuals. Additional security options to add to your IT solution will be covered.
The Encrypted Cloud: Mission Critical Applications, Security and Regulatory Compliance
Recently Online Tech has released their next generation cloud offering that serves clients with mission-critical applications or sensitive data. I had a chance to speak with Mike Klein, Co-CEO, about the new encrypted cloud. According to Klein, Online Tech’s encrypted … Continue reading →
Get Ready for HIPAA Audits with Encryption & A Risk Analysis
Remember the pilot HIPAA audit program conducted by the OCR (Office for Civil Rights) last year? HealthCareInfoSecurity.com reports on the findings, as revealed in an interview with an OCR attorney. About 44 percent had issues with their uses and disclosures … Continue reading →
Encrypting Backup Data for HIPAA and PCI Compliance
Stored data is a top target by hackers, especially the type of data that can be used for fraud and medical identity theft – within the healthcare industry in particular, encrypting stored data to meet HIPAA compliance is one way … Continue reading →