HOME
VAR Panchayat

Balancing Cloud with Data Protection

by VARINDIA 2017-04-19
Balancing Cloud with Data Protection
Encryption and tokenization are becoming accepted best practices to support compliance with data privacy laws and improve overall security
 
Global cloud adoption continues to accelerate, but organizations in many countries have been hesitant to use cloud because of concerns over the privacy and sovereignty of sensitive data. Privacy laws have been enacted in many countries aimed at requiring organizations to protect personal data of their customers, patients, subscribers, etc from hackers, with stiff penalties for data breaches and non-compliance. Many of these countries are also extending these laws to address heightened concerns about the potential for external countries and their intelligence agencies, e.g. CIA (US), MI6 (UK), MSS (China), etc to access sovereign data residing with foreign cloud providers.
 
But today’s reality is that most cloud providers have infrastructure that crosses national boundaries and even continents, but with ubiquitous access, comes with a loss of visibility and control over where your data is actually located. While some of these providers are opening data centers in multiple countries with the goal of satisfying local privacy laws, there is a common misconception that by opening local data centers a cloud provider necessarily meets local data privacy laws.
 
Data Sovereignty Vs Data Residency
 
Many people assume that data residency equals data sovereignty. In other words, if you control the location of data, then you also control what laws might apply to that data. This used to be the case in the physical world – if paper personnel records are stored in a file cabinet in India, a court in Europe would have no ability to demand access to these records. But this model has not kept up with today’s electronic records, connected systems, and the very nature of the cloud.
 
In order to assure data sovereignty, you must look beyond where data is stored at rest, and consider where the data might travel and where it is controlled. Most cloud providers that support data centers in multiple regions maintain centralized “command and control” over their networks and data – usually in the country where the provider originated. For instance, courts and intelligence agencies in the US can demand US cloud companies, e.g. Amazon, Salesforce, Google, etc to turn over data stored in their controlled data centers in Europe, Singapore and India.
 
Enabling Cloud while Protecting Privacy
 
Despite these challenges, the benefits of the cloud are too significant to ignore – reducing costs, fast deployment, easy scalability, and making businesses more agile and competitive. This has created a growing interest in customer-controlled encryption and tokenization solutions that enable organizations to leverage the cloud while assuring that sensitive data is not exposed.
 
The basic premise of customercontrolled encryption is simple and elegant – organizations encrypt specific data before it goes to the cloud, and maintain persistent control over the data during its entire lifecycle.
 
With any encryption solution, it is critical that the encryption keys are held exclusively by the organization, and not shared with the cloud provider to ensure that no outsider, hackers or foreign agencies can access protected data.
 
Tokenization follows a similar model to meet strict data residency requirements. Sensitive data is stored in a secure repository controlled exclusively by the organization, while random substitute tokens are sent to the cloud.
 
Encryption or tokenization, if properly applied, can eliminate the possibility of cloud providers or outsiders accessing or disclosing sensitive personal data either by accident, hacking, malicious insiders, or forced government disclosure.
 
Security companies are providing innovative solutions to address these key cloud challenges. They allow organizations to retain complete control over their data in the cloud by applying encryption and tokenization, in real time, before sensitive data leaves the enterprise, using keys that are retained by the organization. The data protection provided is operationspreserving to not impact the application functionality and usability.
 
Business and government organizations today face greatly increased challenges when managing consumers’ personal information, including a dramatic increase in the use of cloud computing, steep increases in cybersecurity threats and global increases in data protection regulations and penalties for noncompliance
 
Given the rapid changes in cloud technology and the slow pace of regulations, specific technical requirements are not fully spelled out in most data protection laws. This means that it is incumbent on organizations to take reasonable and adequate measures to protect sensitive data, and implement sufficient measures to prevent data breaches, business interruption, and reputational damage. Encryption and tokenization, if properly implemented, are becoming well accepted best practices to support compliance with data privacy laws and improve overall security.

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
T-Mobile confirms breach by Chinese hackers in ongoing cyber espionage campaign

T-Mobile confirms breach by Chinese hackers in ongoing cyber espionage campaign

Helldown ransomware expands its reach, targeting Linux systems and virtualized environments

Helldown ransomware expands its reach, targeting Linux systems and virtualized environments

Sattrix and Cloud IOT sign JV to drive cybersecurity and digital transformation business in Southeast Asia

Sattrix and Cloud IOT sign JV to drive cybersecurity and digital transformation business in Southeast Asia

SOFTWARE
View All
PhonePe & Bharat Connect to announce easy contributions for NPS

PhonePe & Bharat Connect to announce easy contributions for NPS

Elastic collaborates with LG CNS to enable innovation in knowledge management

Elastic collaborates with LG CNS to enable innovation in knowledge management

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

Veeam announces update to Veeam Backup for Salesforce on Salesforce AppExchange

START - UP
View All
ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

ideaForge Soars Past 550,000 Flights, Reinforcing Indian Drone Leadership

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

HCLTech and Inspeq AI Join Forces to Promote Responsible AI

Whatfix and Deloitte India Partner to Drive Digital Adoption

Whatfix and Deloitte India Partner to Drive Digital Adoption

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Start-Up and Unicorn Ecosystem
Tata Elxsi, DENSO, and AAtek Open New Robotics and Automation Lab in Frankfurt

Tata Elxsi, DENSO, and AAtek Open New Robotics and Automation Lab in Frankfurt

Prudential Unveils Global AI Lab in Singapore

Prudential Unveils Global AI Lab in Singapore

HPE delivers its fastest exascale supercomputer El Capitan to Lawrence Livermore National Laboratory

HPE delivers its fastest exascale supercomputer El Capitan to Lawrence Livermore National Laboratory

Cloudera announces new AI Assistant with intelligent capabilities

Cloudera announces new AI Assistant with intelligent capabilities

Futurense Launches India’s First Futurense Leadership Council

Futurense Launches India’s First Futurense Leadership Council

MediaTek Powers India's Digital Future with Latest Innovations

MediaTek Powers India's Digital Future with Latest Innovations

Akamai launches ready-to-deploy, cloud-agnostic application platform

Akamai launches ready-to-deploy, cloud-agnostic application platform

AMD debuts Versal Premium Series Gen 2 SoCs to power data-intensive workloads

AMD debuts Versal Premium Series Gen 2 SoCs to power data-intensive workloads

NXP rolls out pioneering Ultra-Wideband wireless battery management system

NXP rolls out pioneering Ultra-Wideband wireless battery management system

Netpoleon India Partners with Cavisson Systems

Netpoleon India Partners with Cavisson Systems