2 Factors-Authentication


Issue link: https://read.uberflip.com/i/1037492

Contents of this Issue


Page 0 of 3

Own and Manage Your Encryption Keys - White Paper 1 WHITE PAPER Own and Manage Your Encr yption Keys Customer-owned encr yption: The only way to truly safeguard data stored and managed in cloud environments Executive Summary For business leaders and IT administrators responsible for the security of enterprise data—from the most basic customer statistics to top-secret company documents—understanding the role of encryption and the management of encryption keys plays is vital to keeping confidential data just that— confidential. And, for enterprises that entrust their company's data to cloud storage, it is essential that they understand the available options for safeguarding this protected data—even if it's being managed in the cloud by a third-party vendor. This white paper discusses the importance of data encryption, the vulnerabilities of third-party encryption, the necessity of encryption key ownership, and how all of it affects the security of your company's data stored in the cloud. Introduction: Do You Have an Encryption Strategy for Data Stored in the Cloud? To keep company data safe from prying eyes—including records from interactions with customers, vendors, prospects, partners, etc.—as well as comply with regulatory compliance mandates, you need to encrypt the data. Encryption codes the data in such a way that you need an encryption key to "crack the code" and gain access to it. But, the data encryption story doesn't end there. To truly keep company data safe from unauthorized access that may place it into the wrong hands, you need an encryption strategy that considers every facet of the encryption process: from the coding of the data to the creation and management (deployment, use, and disposal) of the encryption keys. In order to learn more about why encryption alone is not enough to secure your company data in the cloud, you need to investigate the data encryption process by answering the who-what-when-where-why, and how of data encryption. And, while the technical specifications of the actual encryption method are not to be ignored, this paper specifically addresses the issues of ownership of and access to encryption and encryption keys as they relate to safeguarding data stored in the cloud. The "Who-What-When-Where-How and Why" of Data Encryption Encryption is the cornerstone of data center security. Recognized universally by analysts and experts as an underlying control for cloud data, encryption sets a high water mark for demonstrating regulatory compliance. Combined with strong key management that is controlled by the organization itself, encryption is a core mechanism for protecting data in the cloud. For business leaders and IT administrators, understanding the encryption process as it relates to the ownership of and access to company data is crucial to securing it in the cloud. There are five basic questions that will help you evaluate whether or not you have provided your company's cloud- stored data with the best protection possible. What Data Can Be Safely Stored in the Cloud? The answer is: ALL OF IT—as long as you own the encryption and the encryption keys. Even with many companies migrating to cloud storage, there still are some that prefer to encrypt in hardware, with keys safely stored on- or off-premises and in tamper-proof HSMs. For others, data that is considered "sensitive" may be encrypted and stored on- or off-premises in a physical data center and "non- sensitive" data may be stored in the cloud. The bottom line is that as long as you own your encryption and encryption keys, ALL of your company assets and information—including data from interactions

Articles in this issue

view archives of 2 Factors-Authentication - own_and_manage_your_encryption_keys_white_paper__NTT