The industry has been talking about the benefits of cloud computing and BYOD for some time. However, as jurisdictional and regulatory controls tighten, questions about where data is stored, and how it’s protected are being raised.
Different countries have different laws about data sovereignty. Some insist that certain types of data are kept where the government will have legal jurisdiction over it, which usually means within its borders.
Questions of privacy and compliance must be answered. Companies need to know which information can be collected, where and how it can be stored and transmitted. Importantly, they must also know which security controls must be in place, and how to react in should a data breach occur.
According to Jayson O’Reilly, director: Sales and Innovation at security solutions vendor DRS, these issues can be a serious spanner in the works for businesses wanting to store or process data in the cloud, as cloud providers often store, process or back up data across several global locations. Data residency issues are also top of mind for large enterprises that have offices around the world in more than one jurisdiction.
Adopting cloud computing can also be an issue for hosted messaging and other services that rely on storing a large amount of personal information.
“Protecting data is an increasingly difficult job,” says O’Reilly. “It is becoming more time consuming and costly, particularly when you consider that cybercriminals are coming up with increasingly cunning ways to bypass security controls.”
Every new approach to protecting data is sooner or later met with an even more clever attack from cyber criminals.
“The increasing sophistication of attacks, combined with the tighter and stricter regulatory environment, is seeing CIOs spending fortunes on multiple security tools and systems to protect their businesses,” he adds.
The question really, is how to companies stay compliant when bearing in mind the plethora of rules and regulations, as well as trends such as BYOD and big data that are increasing the complexity of the problem.
O’Reilly believes that one way of doing this through obfuscating the data at the source, before the data even enters the cloud.
“By doing this, companies can move their data onto the cloud, while remaining compliant, as the data cannot be accessed by the wrong people. Encrypting data at the source means it can be moved across the network, over mobile and wireless devices and through the enterprise, all while remaining private and protected.”
He says DRS offers an encryption solution from Trustwave that is a single product that protects information across the entire enterprise.
“Far better than a collection of applications pieced together on a platform, Trustwave Encryption is one integrated product with encryption technology that covers persistent file encryption, full disk encryption, encryption for file shares, encryption for USB drives and CD/DVD as well as encryption for e-mail attachments.”
O’Reilly says Trustwave’s differentiator is its Smart Tags, that contain encryption and protection policies that stay with data as it travels from device to device, so data is consistently protected regardless of where it is stored. The technology is also device-independent, removing the frustrating decryption / re-encryption cycles.
Protecting data at the source is the best defence. Obfuscating data renders it worthless to cyber criminals, and eliminates the risk of non-compliance, as the data is unreadable to outsiders, regardless of where it is stored.