a brief hstory of encryption
DESCRIPTION
For enterprises in regulated industries considering cloud adoption, information protection for compliance is a key concern. Data privacy and breach notification laws abound, creating potential concerns with cloud applications. Cloud encryption solves many of those problems. Cloud encryption isn’t a one-size-fits-all solution, however. Encryption works well in many cases, but then again, so does tokenization, and both options have their place in an effective cloud information protection program. Quick Primer on Encryption Encryption has long been recognized as a powerful tool for securing data (see the cool “A Brief History of Encryption” infographic below!). It uses algorithms to transform specified pieces of information so that they become unreadable until decrypted using cryptographic keys. CipherCloud offers a variety of different encryption schemes for different purposes, among them 256-bit AES encryption, and customers always host the keys locally, never in the cloud or with a cloud provider, making it a powerful tool for cloud data protection. Encryption addresses many regulatory concerns. More and more data privacy laws recognize that when data is encrypted and the encryption keys remain in the owners’ hands, a loss of data is actually not a data breach. Even when encrypted data is disclosed, it is unintelligible and useless. In such cases, safe harbor laws stipulate that the enterprises who own the disclosed data are not required to notify the public of the breach. It is only when encrypted data and the encryption keys are disclosed that problems arise. Encryption is so secure, in fact, that end-to-end encryption with enterprise control over the encryption key is the most secure and confidential method of protecting corporate data in the cloud. Overview of Tokenization Tokenization, on the other hand secures information in a different fashion than encryption. Rather than using an algorithm to transform data, tokenization replaces the actual data with structurally similar but mathematically unrelated “tokens” before the data leaves the enterprise. The original data and a token mapping table are stored on-premise in a secure database. Tokenization meet the strictest data residency laws while still taking advantage of cloud computing. Much like cloud encryption, tokenization can reduce the regulatory burden on an enterprise. The PCI Security Standards Council has declared that tokenization can reduce an organization’s PCI-DSS scope, provided that the tokenization implementation meets several recommendations. Click here for best practices and recommendations for using tokenization: http://www.ciphercloud.com/2013/10/16/cloud-encryption-the-pros-of-encryption-and-tokenization-2/TRANSCRIPT
