A Handy Guide
Introduction
The Fine Balance Between Security and Business Objectives
Data encryption has existed for decades as a necessary means of controlling user access
to, and distribution of, sensitive information. While it provides invaluable security
benefits, encryption can often become a barrier - conflicting with the end user computing
experience and broader modern business objectives, such as SaaS adoption.
Left unmonitored and uncontrolled, cloud technologies allow users to expose data in
new ways. As the data, users, and usage migrate from secure on-premises infrastructure
to the cloud, so does the risk of data leakage. Security practices that do not accommodate
the human element encourage users to leverage the mobile and BYOD trends in the
modern workforce to bypass burdensome corporate policy.
Security professionals are faced with a new imperative in the cloud: to simultaneously
maximize organizational security and satisfy business goals while enabling user
productivity. Integrating encryption into the cloud computing model requires striking
that delicate balance.
The challenges associated with a traditional approach to encryption in the cloud stem
from three phenomena: the explosion of data in the cloud, the expectations of the modern
user, and the criticality of preserving native cloud functionality.
People often carry the same series of misconceptions regarding encryption in the cloud.
Here, we discuss four common and widely-accepted fallacies and offer an alternative
viewpoint.
Gone are the days when all organizational data resides within on premises servers with
only provisioned products used for content creation. The cloud encourages users to store
content in a number of SaaS applications, from Google Drive, to Salesforce, to Dropbox,
and more.
To instill effective encryption practices, first conduct a survey to gain an
understanding as to where content is created and stored. Determine the platforms and
SaaS applications users are on and the locations in which data is stored.
Next, identify candidates for file-level encryption. Determine what sensitive content
specific to the corporation exists. Leverage a monitoring solution to process data stores
for material that violates regulation or internal policy and consider refining policies with
input from domain experts. Discovery of appropriate content is an iterative
process - starting with wide filters that are increasingly tuned to identify true positives
with high precision.
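The iterative tuning described above, as an added example that is not part of the original guide: a wide candidate filter for payment card numbers is narrowed in two steps, and precision and recall are measured at each step. The sample texts, their labels, and the choice of card numbers as the sensitive content are assumptions made for illustration.

```python
import re

# Constructed sample corpus: (text, truly_sensitive). In practice the labels
# would come from review by domain experts, as the guide suggests.
SAMPLES = [
    ("Customer card 4111 1111 1111 1111 exp 09/27", True),
    ("Refund issued to card 5500-0000-0000-0004", True),
    ("Tracking number 1234 5678 9012 3456 shipped", False),
    ("Order id 9999888877776666 confirmed", False),
    ("Shipment barcode 4242424242424242 scanned", False),
    ("Meeting notes, no payment data", False),
]

# Stage 1 (wide): any run of 13-19 digits, optionally split by spaces or hyphens.
CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Stage 3 context keyword (assumed tuning input from a domain expert).
CONTEXT = re.compile(r"\bcard\b", re.IGNORECASE)

def luhn_ok(number: str) -> bool:
    """Luhn checksum over the digits of a candidate match."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def wide(text: str) -> bool:
    return CANDIDATE.search(text) is not None

def with_luhn(text: str) -> bool:
    return any(luhn_ok(m.group()) for m in CANDIDATE.finditer(text))

def with_context(text: str) -> bool:
    return with_luhn(text) and CONTEXT.search(text) is not None

def score(flt, samples):
    """Return (precision, recall) of a filter against labelled samples."""
    flagged = [label for text, label in samples if flt(text)]
    true_pos = sum(flagged)
    positives = sum(label for _, label in samples)
    precision = true_pos / len(flagged) if flagged else 0.0
    recall = true_pos / positives if positives else 0.0
    return round(precision, 2), round(recall, 2)

if __name__ == "__main__":
    for name, flt in [("wide", wide), ("luhn", with_luhn), ("context", with_context)]:
        print(name, score(flt, SAMPLES))
```

Recall is tracked alongside precision so that a tuning step that silently drops true positives is caught before the filter drives an encryption policy.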
Location Consolidation
Where appropriate, consolidate the data into a few key repositories so it may be better
managed and proactively promote adoption of this system with your users. Analyze the
data use and take measures to mitigate data sprawl.
Data Control
Ensure there are sufficient security safeguards in place surrounding the identified content
and that it is not exposed through unvetted third-party apps. When users leverage their
corporate credentials (OAuth) to enable third-party apps, a backdoor into the organization
is opened via the app's access scope. Should the app be compromised and used to
maliciously gain access to the domain, encryption provides an additional layer of
protection.
Determine who the essential employees are that require access to the data and ensure it
is not exposed to inappropriate parties - internal or external. If changes are appropriate,
get users onboard with any decisions and best practices that are introduced.
Encryption is suitable for securing the most sensitive files, but for it to be an effective and
adopted security measure in practice, the selected technology needs careful
consideration. In choosing a solution, consider the following elements:
User Experience
A positive user experience is essential. To the greatest
extent possible, the solution needs to be seamless to
the end user, permitting the full functionality of the
platform they have enjoyed previously - all while
providing a high degree of security. If the solution is too
invasive or encumbering, users will seek to circumvent it
to maintain effectiveness in their role.
Compatibility
The encryption solution ideally needs to be compatible with all the platforms where
sensitive data may reside, and with all devices that may access it. Requiring users to
understand and use multiple encryption technologies, coupled with limiting device
support, will lead to confusion, frustration, and, again, circumvention.
Actionability
The encryption solution must be actionable from the discovery point. Possessing the ability
to encrypt files containing sensitive information rapidly will dramatically improve
organizational security posture.
Create policies that secure your enterprise - without interfering with the user experience.
The tuned data classification mechanisms from the discovery phase combined with DLP
techniques for identifying enterprise-specific sensitive content should be used to create
actionable policies.
Review Content
Offer Encryption
A content owner that logs in one day to find their files have been automagically encrypted
will not be a happy employee. User involvement in actions is essential. Including the user
in security initiatives by encouraging them to review their content and take action enables
users to evolve from a passive employee, capable of leaking data inadvertently, to an
educated, active stakeholder and ally in organizational security. Through adopting a
people-centric approach to encryption and security at large, organizations can reduce the
workload on IT while mitigating the risk of users exposing sensitive data.
Conclusion
Encryption in the Cloud Done Right
As organizations standardize on SaaS applications and users self-provision in the cloud,
enterprises must recognize the importance of data security in this brave new world. Adapting
conventional on premises security mechanisms to the cloud, such as encryption, requires careful
consideration. A contemporary cloud-conscious and user-centric approach to encryption can help
organizations accelerate SaaS adoption by enabling a higher degree of control over access to
sensitive data stored in the cloud.