|By Cloud Ventures||
|December 27, 2013 12:15 PM EST||
It’s hard to read or listen to the news without hearing concerns about protecting sensitive data. Whether it is providing security for payment card/banking information or maintaining privacy from cyber surveillance – governmental and otherwise.
Edward Snowden was back in the news last week when The Guardian revealed that the GCHQ and NSA targeted charities, Germany, the Israeli PM and EU chief on their surveillance list. These ongoing revelations have many organizations concerned about the privacy of customer data and other sensitive business information being put in the cloud.
As I wrote on our PerspecSys blog last week, the implications of the massive data breach at Target could be enormous. Information associated with the crime is still coming out including Fox News reporting yesterday that credit and debit card accounts stolen have reportedly flooded underground black markets.
IT and Security managers need absolute control of sensitive data. Cloud data security options include cloud data encryption or tokenization solutions. When examining these technologies, a few critical capabilities to look for include:
- Ensure that strong, well vetted encryption and/or tokenization solutions are used (look for solutions that have been audited by accredited third parties)
- The enterprise needs to maintain control of any and all encryption keys and/or the token vault (if tokenization is used)
- Functional preservation; end users should still be able to use cloud applications the way the want to, even with the required security layers in place.
In summary, an enterprise needs to able to keep sensitive data on premise and, before sending any information to the cloud, use tokenization or only the strongest encryption techniques make that data meaningless to anyone who attempts to access it without the corporation’s permission.
The post Cloud Privacy and Security in the Age of Data Breaches and Surveillance appeared first on Cloud Computing Best Practices.