What is Cloud Encryption?
Cloud encryption refers to a service offered by cloud storage providers in which they encode data before it is uploaded to the cloud. Encryption uses special algorithms called “ciphers” in order to convert data into “ciphertext.” This data can only be unscrambled with a decryption key which is only given to authorised users. Even if the data is lost, stolen, or hacked, the encrypted data is unreadable without its key. As such, cloud encryption is widely regarded as one of the most effective data protection measures. The cryptography expert Ralph Spencer Poore explains the primary benefits of encryption:
“information in motion and information at rest are best protected by cryptographic security measures. In the cloud, we don’t have the luxury of having actual, physical control over the storage of information, so the only way we can ensure that the information is protected is for it to be stored cryptographically, with us maintaining control of the cryptographic key.”
Why Should You Avail of Cloud Encryption?
- Lower risk of data loss: Cloud services are more robust than physical hardware storage and, by backing up cloud-based data in another location (either cloud or physical), you’ll still have your data to call upon if one source is affected by disasters such as power outages.
- Greater security of data: Encryption provides an extra security layer to your data because, even if a hacker or cloud provider attempted to gain access to the data, they would not be able to read it. The American director Laura Poitras explains that this should also be accompanied by a strong data protection policy: “Those who are experts in the fields of surveillance, privacy, and technology say that there need to be two tracks: a policy track and a technology track. The technology track is encryption. It works and if you want privacy, then you should use it.”
- Hides data from hackers: When data in your cloud is encrypted, it prevents hackers from reading your data.
- Easier data management: Cloud encryption services can encrypt attachments automatically or prevent the sending of emails containing sensitive personal information, thus cutting down on data being leaked due to human error and making data management easier, especially for large businesses handling huge volumes of data.
- GDPR Compliance: Under the EU’s General Data Protection Regulation (GDPR), organisations have a responsibility to process personal data in a responsible and secure way. In fact, the regulation specifically cites encryption as an effective method of protecting data from exposure and unauthorised access.
Cloud Encryption Locations
Client-side cloud encryption occurs when data is encrypted on a user’s computer before it is uploaded to the cloud, using a digital key that’s unknown to the storage server. This is sometimes called ‘zero knowledge’ storage, as the company does not know what a user has stored or where. It is the safest option for companies who need to store a lot of highly sensitive data (e.g. healthcare operations with patient files), but encryption keys need to be looked after very carefully: if the keys are lost, so is your data, because the storage provider won’t be able to decrypt your files.
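The client-side model described above, as an added example (not code from this article or from any storage provider): data is sealed with AES-256-GCM under a key that exists only on the user's machine, so the provider stores nothing but nonce, ciphertext and tag. The names ClientAEAD, Seal and Open and the sample record are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randBytes returns n bytes from the OS CSPRNG; failure here is unrecoverable.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ClientAEAD (hypothetical name) builds AES-256-GCM from a key held only by the client.
func ClientAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce||ciphertext||tag: the only bytes the provider ever stores.
func Seal(a cipher.AEAD, plaintext []byte) []byte {
	nonce := randBytes(a.NonceSize())
	return a.Seal(nonce, nonce, plaintext, nil)
}

// Open fails if the key is wrong (or lost) or the stored blob was altered.
func Open(a cipher.AEAD, blob []byte) ([]byte, error) {
	n := a.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short")
	}
	return a.Open(nil, blob[:n], blob[n:], nil)
}

func main() {
	mine, _ := ClientAEAD(randBytes(32))  // key generated and kept on the client
	other, _ := ClientAEAD(randBytes(32)) // stands in for a lost key
	blob := Seal(mine, []byte("patient file (constructed sample)"))
	_, err := Open(other, blob)
	fmt.Println(len(blob), "bytes uploaded; without the right key:", err)
}
```

Because GCM authenticates as well as encrypts, Open also rejects a blob that was modified while in storage, not only one opened with the wrong key.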
In-transit cloud encryption refers to the security of data while travelling from a user’s computer to a file server. The server and computer exchange encryption keys so that data isn’t accessible to anyone else on the same network during uploading, thus creating a secure path for the data to travel. While it is not as robust as client-side encryption, since data is only encrypted during transit, it is a good-value option for businesses that only have non-sensitive information to encrypt.
At-rest cloud encryption means that data is stored in an encrypted state on the storage provider’s servers and, in tandem with in-transit encryption, is generally a sound option for businesses that aren’t handling highly sensitive files. If choosing at-rest storage, double-check the provider’s user agreement policies regarding the encryption and decryption of data.
Tips for Cloud Encryption
1. Back up your data to a separate cloud platform
You should always back up important data to an alternative cloud platform in case one malfunctions or is hacked. If this option is not available, you could back up cloud data locally so that, in the event of cloud-based data being lost or corrupted, you’ll have another copy to call upon.
2. Work with your cloud provider
Find out about the various types of encryption that your cloud provider offers so that you can get the encryption service that is best suited to your requirements.
3. Devise an encryption plan
Identify the data that you need to encrypt and devise a plan to ensure that your most sensitive data is prioritised.
4. Understand the details of your encryption agreement
5. Practise secure activity
Ensure that your staff understand the risks associated with accessing cloud data and that they don’t do anything to compromise the security of this data, e.g. caching login details, failing to log out of accounts, using unsecured WiFi networks.