sdecoret - stock.adobe.com
What are 3 encryption for cloud storage best practices?
There are several different methods to cloud storage encryption. These best practices for encryption can help improve security of important cloud data.
Encryption for cloud storage is essential.
Without encryption, data could potentially be visible to a cloud provider's entire staff. Encryption is also critical to keeping data protected if a cloud storage provider suffers a breach.
These three important best practices for encryption for cloud storage will help keep data safe.
Encrypt data at rest and in flight
The phrase cloud storage encryption generally refers to encrypting the bits stored on a disk in the cloud data center -- data at rest. This encryption is undeniably important, but it isn't the only type to implement.
Encrypt data both at rest and in flight. Data in flight is data transmitted to or from the cloud, or from one location within the cloud to another. Use IPsec or a similar encryption protocol to help prevent anyone from accessing data as it flows across a network.
Depending on the type of data, take advantage of application-level encryption. Many databases, for example, offer data encryption that is separate from the encryption available at the storage level.
Treat all data with equal importance
Regarding encryption for cloud storage, treat all data equally. Some IT pros recommend admins classify data based on its sensitivity and then secure and encrypt it in accordance with its classification. The problem with this approach is that it opens the door for data to be left unprotected if an admin misclassifies it.
From an administrative standpoint, it is easier and more secure to treat all data as sensitive data and to secure it accordingly.
Take advantage of zero-knowledge encryption
Zero-knowledge encryption enables an organization to store its encryption keys outside of the cloud. While a cloud storage provider can host an organization's data, it can't read the data because it does not have possession of the encryption keys.
Zero-knowledge encryption prevents the keys from being transmitted to the cloud storage provider. This practice of encryption for cloud storage eliminates any possibility that the provider will be able to gain access to data.
Dig Deeper on Cloud storage
Related Q&A from Brien Posey
Pros and cons of building up VDI in the current market
Determining how to host and manage desktops for an entire organization is a major task, so business leaders need to understand the modern VDI market ... Continue Reading
What are the Microsoft 365 password requirements?
When IT administrators manage passwords for Microsoft 365 accounts in Azure AD, they can deploy and remove critical policies that can improve overall... Continue Reading
Can composable infrastructure and computational storage mix?
'Composable' and 'computational' are often said in the same breath, but how exactly are they related -- or not? While there are differences, a ... Continue Reading