Intelligent CISO Issue 9 - Page 74

KEEPING FUNCTIONALITY AND ENCRYPTION IN THE CLOUD

Businesses in the EMEA region are embracing the cloud, storing everything from customer and sales data to intellectual property in popular SaaS and IaaS platforms. This is a boon to business, but security gaps – and growing compliance requirements – are forcing IT teams to look for ways to maintain control over data in the cloud. Anurag Kahol, CTO at Bitglass, believes cloud encryption is the most effective way to protect data – but there are a few functionality issues faced by cloud encryption solutions. He talks to Intelligent CISO about how to achieve data protection without sacrificing cloud app functionality.

The growing popularity of public cloud applications has fundamentally changed the way many businesses operate, but it has also created a number of previously unseen data security and compliance issues. This is because many of the most popular cloud applications provide very little visibility or control over how sensitive data is handled once in the cloud. Instead, users are expected to simply trust that their data is being kept secure.

Of course, many IT departments are overjoyed with this approach because it takes a significant amount of stress out of operationalising business applications. However, for security teams it has the opposite effect. Without control over and visibility into cloud apps, it is hard to ensure that corporate data really is secure. This has led security teams to focus on implementing encryption techniques to attempt to shore up protection of cloud data.

The primary driver for cloud encryption is the need to ensure that if intellectual property, trade secrets or regulated data such as customer payment card information is lost in a breach, it cannot be viewed. For others, data residency concerns or policies that require control of encryption keys lead them to encryption.

In apps like Salesforce, this data exists as structured data, whereas in file sharing apps such as Box it is unstructured. In both cases, the most commonly used tool for encryption is a cloud access security broker (CASB).

Encrypting data in the cloud can be tricky

CASBs mediate connections between cloud apps and the outside world via a combination of proxies and API connectors to applications. In doing so, they create a focal point of visibility and control for cloud applications in use, with controls taking the form of data loss prevention, contextual access control and, all-importantly, encryption of cloud data at rest.