Security Advisor

Cloud Providers, Vendors Stepping Up Encryption

The most recent high-profile offering comes from HP with its split-key cloud security suite.

Roughly one year after the first leaked documents supplied by former NSA Contractor Edward Snowden made it into the public, security and privacy concerns for data stored in the cloud continues to be a relevant. A recent survey by Ponemon Institute LLC found that 62 percent of respondents believe the cloud services used in their enterprises have not been fully investigated for security before deployment.

Answering the trepidation of many to trust the cloud with sensitive data, many companies including Google and Microsoft  have stepped up both the encryption in their services, along with increasing their rhetoric on committing to customer privacy. Microsoft said it will be bringing 2018-bit Private Forward Secrecy (PFS) as the default decryption for Office 365, Azure, Outlook.com and OneDrive, while Google is enabling encryption across all its services, including an encryption plugin for its Chrome Web browser.

HP also looks to ease cloud privacy concerns suite by putting the security tools in the hands of the user. Announced last week, the company's new HP Atalla solutions aims to encrypt organization data at rest, in motion and at use in cloud, mobile and on-premises environments.

"As organizations embrace the New Style of IT, protecting sensitive information as it moves within and outside the enterprise becomes more critical than ever before," said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP, in a press release. "Building on decades of leadership in information protection, we are now extending the scale and power of HP Atalla's encryption technology from the data center to the cloud -- safeguarding data regardless of where it resides." 

A part of the suite includes HP Atalla Cloud Encryption, which protects the data before it leaves the enterprise and uses a split-key encryption process to split and combines the keys during encryption. This ensures that no matter who tries to access the data in the cloud, only a portion of the encryption key would be available and unencrypting the data could not occur without the portion stored with the user.

And those portions of the key which reside with the user/enterprise can be further protected with the HP Enterprise Secure Key Manager, which is included in the Atalla suite and offers management and protection capabilities in FIPS 140-2 Level 2 validated security appliances.

Last year we asked readers if the revelations from the leaked NSA documents had you looking to boost your own cloud data encryption levels, with more than half saying the privacy concerns raised did call for an increase. Do you think HP's offering could alleviate some the burden of protecting your cloud-bound data? If you have stepped up your encryption, which solution/service are you using? Share your thoughts in the comments below or shoot me an e-mail at [email protected]

Also, we're looking to once again take the pulse of the IT community by fielding a follow-up to our cloud privacy survey from last year. Please help to contribute to a future issue article by taking our short survey.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

  • Microsoft Shifts 2020 Events To Be Online Only

    Microsoft is shifting its big events this year to be online only, including Ignite 2020.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.