Security Advisor
Cloud Providers, Vendors Stepping Up Encryption
The most recent high-profile offering comes from HP with its split-key cloud security suite.
Roughly one year after the first leaked documents supplied by former NSA Contractor Edward Snowden made it into the public, security and privacy concerns for data stored in the cloud continues to be a relevant. A recent survey by Ponemon Institute LLC found that 62 percent of respondents believe the cloud services used in their enterprises have not been fully investigated for security before deployment.
Answering the trepidation of many to trust the cloud with sensitive data, many companies including Google and Microsoft have stepped up both the encryption in their services, along with increasing their rhetoric on committing to customer privacy. Microsoft said it will be bringing 2018-bit Private Forward Secrecy (PFS) as the default decryption for Office 365, Azure, Outlook.com and OneDrive, while Google is enabling encryption across all its services, including an encryption plugin for its Chrome Web browser.
HP also looks to ease cloud privacy concerns suite by putting the security tools in the hands of the user. Announced last week, the company's new HP Atalla solutions aims to encrypt organization data at rest, in motion and at use in cloud, mobile and on-premises environments.
"As organizations embrace the New Style of IT, protecting sensitive information as it moves within and outside the enterprise becomes more critical than ever before," said Art Gilliland, senior vice president and general manager, Enterprise Security Products, HP, in a press release. "Building on decades of leadership in information protection, we are now extending the scale and power of HP Atalla's encryption technology from the data center to the cloud -- safeguarding data regardless of where it resides."
A part of the suite includes HP Atalla Cloud Encryption, which protects the data before it leaves the enterprise and uses a split-key encryption process to split and combines the keys during encryption. This ensures that no matter who tries to access the data in the cloud, only a portion of the encryption key would be available and unencrypting the data could not occur without the portion stored with the user.
And those portions of the key which reside with the user/enterprise can be further protected with the HP Enterprise Secure Key Manager, which is included in the Atalla suite and offers management and protection capabilities in FIPS 140-2 Level 2 validated security appliances.
Last year we asked readers if the revelations from the leaked NSA documents had you looking to boost your own cloud data encryption levels, with more than half saying the privacy concerns raised did call for an increase. Do you think HP's offering could alleviate some the burden of protecting your cloud-bound data? If you have stepped up your encryption, which solution/service are you using? Share your thoughts in the comments below or shoot me an e-mail at [email protected]
Also, we're looking to once again take the pulse of the IT community by fielding a follow-up to our cloud privacy survey from last year. Please help to contribute to a future issue article by taking our short survey.