Data-Centric Protection – Security that stays with the Data
There are a number of ways to protect data in the cloud. Some have already been referenced, such as access controls and monitoring. The purpose of this document is not to provide a comprehensive overview of cloud security. There are a number of excellent resources for readers who are looking for additional insight on the subject, including the Security Guidance for Critical Areas of Focus in Cloud Computing and the Cloud Controls Matrix (CCM), both available from the Cloud Security Alliance (CSA) site at: http://www.cloudsecurityalliance.org/Research.html.
As discussed in Domain 11 of the Security Guidance for Critical Areas of Focus in Cloud Computing V2.1, one important way to increase data protection, confidentiality and integrity is to ensure that the data is protected in transit and at rest within the cloud using file-level encryption. As the CSA Security Guidance points out, “encryption offers the benefits of minimum reliance on the cloud service provider and lack of dependence on detection of operational failure.”
Data-centric protection through encryption renders the data unusable to anyone who does not have the key to decrypt it. Whether the data is in motion or at rest, it remains protected. The owner of the decryption keys maintains the security of that data and can decide who and what is allowed access to it. Encryption procedures can be integrated into the existing workflow for cloud services. For example, an admin could encrypt all backup data before sending it into the storage cloud. An executive can protect corporate IP before putting it into the private cloud. And a sales representative could encrypt a private customer contract before sending it to a collaborative worksite, like SharePoint, in the public cloud.