When the cloud lacks the security you need, what do you do?

When the cloud lacks the security you need, what do you do?

I have been doing public presentations on cloud computing for the past six years and still today the first question people ask is about security of the data stored in the cloud. Will my data be safe from prying eyes?

The answer was typically that if you keep your passwords secure your data should be pretty safe. That was before we all learned about the NSA and realised there was no such thing as secure storage in a public system. The big companies with good security advice and plenty of money to spend on options kind of knew that already.

So the answer to the question is in encrypting the data stored in the cloud before it leaves your control and then make sure you hold the encryption keys so that you are the only person or company on the planet that can see the information unless you send it to someone else in a decrypted state.

I recently discovered a company that can do just that. The company is Vaultive*, who operate out of Israel where there is a booming IT economy, as discussed recently by David Thodey CEO of Telstra in his personal blog

This week the security specialist company announced that their encryption tools have enabled the first global bank to migrate to Microsoft Office 365. This is Microsoft’s cloud email and office suite solution that scales from one connection for a micro business to, in this case, tens of thousands of connections.

The bank chose Vaultive to provide the necessary data encryption required for its project to migrate the bank’s global workforce to the cloud. The bank based its selection on the criteria of strong data encryption, functionality, performance, responsiveness, and support for multiple cloud-applications.

According to Vaultive’s media release:

While banks and other financial services firms have long been at the forefront of technology trends, this is not the case with cloud computing. Strict regulatory requirements, as well as security and disclosure concerns, have prevented cloud adoption. In addition, firms that operate globally are constrained from migrating to the cloud by a growing number of international data residency laws.

This is certainly the case for businesses in Australia that are part of the government or which handle government information. It is also a potential issue with our new privacy laws taking effect.

While our local SME businesses may have different concerns, these same services are available locally and can help our SME clients to avoid expensive infrastructure needs.

Vaultive successfully addressed the issues preventing the bank’s move to the cloud. With Vaultive deployed at the bank’s gateway, the bank persistently encrypts all data before the data leaves the bank’s network. Of particular importance, the bank’s IT department – not Microsoft – retains the encryption keys, ensuring that the bank maintains complete ownership, control and governance of its data, regardless of where it resides.

The solution used here protects data in transit, at rest and in use. The persistent encryption enables server-side operations, including search, sort and index on encrypted data, without ever decrypting the data.

By providing the global bank with complete control of their data, they have empowered the customer to gain the benefits of migrating to Office 365, including eliminating redundant centres supporting global email, reducing email infrastructure, and transforming IT into an enabler of the most advanced applications. As the customer holds the encryption keys and data is encrypted before leaving the private network it ensures that Microsoft or Google or the NSA get no visibility of the transmitted or stored data.

If you are worried about data privacy or data sovereignty this is the sort of solution you have been waiting for and it is available here in Australia. The good news is that for the people using it, it is invisible and seamless, totally simple so the above complex explanations of what it does are only for the technical people assessing the tool against their requirements.

The rest of us can just have the technology put in place and get on with business as usual with a sense that our data is secure and private.

*My company Combo is currently one of two resellers of Vaultive’s product in Australia.

David Markus is the founder of Combo – the IT services company that is known for solving business problems with IT. How can we help?

 

COMMENTS

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments