Cloud Data Encryption and SaaS Security
PerspecSys encryption strategies use algorithms to protect data, both at rest and in the cloud, from unauthorized access.
Encryption is a process used to protect information in transit and storage. It involves conversion of clear text data into ciphertext, which cannot be read by unauthorized people. Encryption is used to safeguard sensitive information stored and processed through networks, the internet, and mobile and wireless devices.
In the cloud, encryption algorithms are used to protect outgoing data, so that information is not vulnerable once it’s outside an enterprise. Encryption is commonly used to achieve compliance with industry regulations, including HIPAA and PCI DSS, and is an essential cloud data security tool for organizations using popular SaaS applications, such as Salesforce.com and Oracle CRM On Demand.
The PerspecSys cloud protection gateway uses cloud data encryption and tokenization to provide a vital level of SaaS security without sacrificing application functionality. And here is a key point related to PerspecSys encryption strategies: Our solution does not depend on any proprietary encryption modules or “Function Preserving Encryption” to preserve the essential SaaS application functionality users need. PerspecSys customers are free to install any available JCA/JCE-compliant cryptographic module, including those that are FIPS 140-2 certified. In fact, we are the only cloud security company that supports FIPS 140-2 validated encryption modules while simultaneously preserving critical SaaS functionality.
For organizations that decide to implement encryption, another important consideration is ownership of the encryption keys. The Cloud Security Alliance recently published guidance on best practices for implementing encryption, and they highlighted this important consideration, stating “based on the Segregation of Duties security principle, key management should be separated from the cloud provider hosting the data. This provides the greatest protection both against external breach of the service provider as well as an attack originating from a privileged user/employee of the provider. Additionally, this segregation of duties prevents the cloud provider from unauthorized disclosure of customer data, such as compliance with a subpoena, without the customer knowledge or approval. The customers should retain complete control over their data and only they should be able to comply with disclosure requests.”