To secure their data in the cloud, companies are using encryption-based products supplied by vendors, these analyst noted. At the same time, companies are still relying on cloud providers to provide basic security for noncritical data.
There is growing concern among companies and government organizations about storing sensitive data in a shared cloud environment, where they no longer have control over it, noted Frost and Sullivan analyst Michael Suby.
Suby said that companies are looking to protect data in the cloud through encryption keys and robust key management. This enables companies to secure data from breaches as well as prevent the cloud provider from accessing the information if they decide to end their relationship with the cloud provider.
“The big issue that is stopping companies from moving things, or certain things, to the cloud is data security”, noted Forrester Research analyst Jonathan Penn. “That is what is causing hesitation in the market about cloud adoption.”
Penn noted that companies that are based outside the United States are concerned about storing data with US-based cloud service providers out of fear that the US government will be able to gain access to the data through subpoenas or national security letters.
“What needs to be solved is not just the protection from company A to cloud provider B, but a way to keep the data protected from even the cloud provider, not just because of rogue administrators”, Penn said. “This is why data security is so important” in the cloud, he added.
Penn said that encryption is one of the best ways to secure corporate data in the cloud, but “it has to be encryption that the company controls.”
One of the vendors that offers encryption-based cloud security products to companies and government organizations is Maryland-based SafeNet.
“One of the biggest issues our customers are running across is around the concept of trust in the cloud”, said Dean Ocampo, solutions strategy director at SafeNet. “There isn’t a lot of insight among customers in understanding what cloud providers are doing from a security perspective”, he told Infosecurity.
SafeNet recently launched its Trusted Cloud Fabric platform, which includes a number of encryption-based products that enable companies and organization to secure data on-premise, in-transit, and in the cloud.
“We are launching the Trusted Cloud Fabric to give customers control”, Ocampo said. Customers can use these products to move data into the cloud using technologies like encryption and “not have to worry about the trust level in the cloud.” The products give customers the ability to not only secure data in the cloud, but to manage it as well, he added.