Security in the age of the cloud, particularly at the SaaS application level, has become a shared responsibility. Cloud platform vendors own security at the infrastructure level, while businesses are responsible for defining and enforcing policies internally. As users possess the power to control the access, creation, and distribution of sensitive data at a faster pace than ever before, users have claimed a seat at the security table.
The cloud impacts one of the primary instruments in the security toolkit: encryption. Encryption is naturally a rigid method for controlling users and data – a barrier. As we move to the cloud, encryption in its traditional form can become cumbersome and counterproductive to broad SaaS adoption, and it warrants reevaluation.
Over the next several weeks, we will discuss the whats, whys, and hows of encryption for your cloud applications of choice. In the meantime, learn about CloudLock’s selective encryption solution for cloud encryption.
Why A Different Approach is Necessary
1. Explosion of Data. The cloud has led to massive growth in the sheer volume of data, as users can now create, edit, and share information within seconds. Yet only a very small percentage of this data is sensitive to an organization and should be constrained.
Encrypting every single file and folder interferes with the performance of SaaS applications and with native cloud functionality, such as search — this is expensive and unnecessary, as not all data poses the same level of risk. Encrypting everything is akin to bubble wrapping an entire house instead of focusing on those fragile items that matter. Make sure to focus your efforts and controls on only what matters. Find a way, automated or not, to classify and prioritize sensitive data – and leave the rest alone.
2. The Mobility of Users. Users are now mobile and the workspace has followed suit. Consequently, attempting to control people through traditional means such as a VPN in the network is impractical and unrealistic.
Users are accessing SaaS applications outside of traditional corporate networks. The network devices associated with the on-premises paradigm introduce a single point of failure and lack the scalability and ease of deployment that have become the new standard.
Additionally, forcing users through a gateway impacts the speed and data accessibility benefits of cloud applications, often leading to user frustration.
Approach encryption in a way that works with the mobile nature of your workforce and avoids barriers that drive users underground. Through a mobile-friendly approach, organizations can accelerate the adoption of SaaS applications within the enterprise.
3. User Expectations. Whether leveraging IaaS, PaaS or SaaS platforms, users are now more productive, efficient, and collaborative than ever – both in business and in their personal lives. If enterprises encrypt everything or force users through a VPN, they may slow the user experience and reduce productivity, once again introducing frustration.
With a universe of cloud-based tools at their fingertips, users will naturally find the path of least resistance to accomplish their work, quickly identifying and adopting alternatives. In doing so, users may circumvent monitored channels and deny security teams the visibility and control they seek.
Acknowledge the need of users to work like they live and incorporate their needs, as well as their capabilities, in the development of an encryption strategy.
4. Native Cloud Functionality Preservation. In the cloud, encryption at the network level has the potential to break the native functionality of cloud platforms and diminish their built-in value. For example, encrypted data is rendered unusable to the platform, which breaks search functionality. It is also no longer possible to use this data in building reports.
Preserving the ability for users to collaborate with external audiences is essential. Consider an approach that preserves external collaboration so that encryption can become a business enabler rather than a hindrance.
A New Approach
An approach to instituting encryption in the cloud should embrace the benefits of SaaS applications. As only a small percentage of corporate data in the cloud is sensitive, taking a selective, risk-appropriate approach allows for the necessary level of security without interfering with the native mobile, productive, collaborative benefits of SaaS applications.
We recommend working with your users and incorporating them in your security efforts rather than blocking them. After all, who knows more regarding which files contain sensitive data than users? Empower your users to secure files they know to contain sensitive data through encryption, and, in doing so, reduce the workload on IT while improving your organization’s security posture.
As security teams continue their role in developing and enforcing policy, users should complement these efforts by self-selecting which data to encrypt. A selective and user-centric approach to encryption represents an evolution in the mentality of information security and the incorporation of users in security operations.
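The selective approach above, together with the earlier advice to classify sensitive data and leave the rest alone, can be sketched as follows. This is an added example, not CloudLock's code: the detection patterns, file names and the `select_for_encryption` helper are assumptions constructed for illustration, and the encryption step itself is left to whatever tool the organization uses.

```python
import re

# Assumed policy: two common sensitive-data patterns (not taken from the post).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def findings(text: str) -> list[str]:
    """Return the sensitive-data types detected in one document."""
    hits = []
    if SSN_RE.search(text):
        hits.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("payment_card")
            break
    return hits

def select_for_encryption(docs: dict[str, str], user_flagged: set[str]) -> dict[str, list[str]]:
    """Map each document that should be encrypted to the reasons why.

    Automated classification and user self-selection both count;
    anything with no reason is left unencrypted and stays searchable.
    """
    selected = {}
    for name, text in docs.items():
        reasons = findings(text)
        if name in user_flagged:
            reasons.append("user_flagged")
        if reasons:
            selected[name] = reasons
    return selected

# Constructed sample corpus: only three of the four documents carry risk.
DOCS = {
    "lunch-menu.txt": "Tacos on Tuesday, order 1234567890123 confirmed.",
    "payroll.csv": "Jane Doe,123-45-6789,55000",
    "invoice.txt": "Card on file: 4111 1111 1111 1111",
    "roadmap.doc": "Q3 acquisition target shortlist",
}
USER_FLAGGED = {"roadmap.doc"}   # a user marked this one as sensitive
```

The order number in `lunch-menu.txt` is long enough to look like a card number but fails the Luhn check, so the file stays unencrypted; `roadmap.doc` matches no pattern and is selected only because a user flagged it.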
Stay tuned for the next blog in our encryption series: “Debunking Encryption Myths in the Age of the Cloud.”
How are you encrypting your enterprise’s sensitive data in the cloud? For a more comprehensive introduction to encryption in the cloud, download our complimentary eBook, Data Encryption in the Cloud: A Handy Guide, featuring best practices to keep in mind, tips and tricks to get started, and more.