sdecoret - stock.adobe.com
Encryption for cloud storage is essential.
Without encryption, data could potentially be visible to a cloud provider's entire staff. Encryption is also critical to keeping data protected if a cloud storage provider suffers a breach.
These three important best practices for encryption for cloud storage will help keep data safe.
Encrypt data at rest and in flight
The phrase cloud storage encryption generally refers to encrypting the bits stored on a disk in the cloud data center -- data at rest. This encryption is undeniably important, but it isn't the only type to implement.
Encrypt data both at rest and in flight. Data in flight is data transmitted to or from the cloud, or from one location within the cloud to another. Use IPsec or a similar encryption protocol to help prevent anyone from accessing data as it flows across a network.
Depending on the type of data, take advantage of application-level encryption. Many databases, for example, offer data encryption that is separate from the encryption available at the storage level.
Treat all data with equal importance
Regarding encryption for cloud storage, treat all data equally. Some IT pros recommend admins classify data based on its sensitivity and then secure and encrypt it in accordance with its classification. The problem with this approach is that it opens the door for data to be left unprotected if an admin misclassifies it.
From an administrative standpoint, it is easier and more secure to treat all data as sensitive data and to secure it accordingly.
Take advantage of zero-knowledge encryption
Zero-knowledge encryption enables an organization to store its encryption keys outside of the cloud. While a cloud storage provider can host an organization's data, it can't read the data because it does not have possession of the encryption keys.
Zero-knowledge encryption prevents the keys from being transmitted to the cloud storage provider. This practice of encryption for cloud storage eliminates any possibility that the provider will be able to gain access to data.
Dig Deeper on Cloud storage
Related Q&A from Brien Posey
Public bucket access is a prevalent and discussed S3 security issue. However, there are several other important security measures to take, including ... Continue Reading
Tape still plays a key role in backup, including offline protection from ransomware. What are some key improvements that will keep tape backup ... Continue Reading
Cloud-based video surveillance storage can help organizations with compliance and retention. Be mindful, though, as high storage volume can quickly ... Continue Reading