Your IT Consultant

Cloud Security Concerns – Users Need to Control Encryption

March 9, 2015

A survey conducted by the Cloud Security Alliance (CSA) shows that financial institutions think the cloud is a scary place to be. SC Magazine summarized the results in a recent blog post. Security is a major concern for the 102 global participants that responded. Confidentiality of data was the biggest concern for 60 percent of those responding, 57 percent cited loss of control of data, 55 percent cited data breaches and 42 percent cited data loss. Encryption solutions have been implemented by 42 percent of the respondents and 61 percent stated that control of the encryption key is a major concern.

Chenxi Wang, CSA corporate member and report contributor, stated that users could use encryption offered by the cloud provider or a third party service. “The advantage of the former may be seamless integration with the service, but your keys are held by the cloud service provider, which means they have access to your crown jewels,” Wang said. “The advantage of the latter is not only multi-cloud, but also separation of duty – you manage the key, the cloud provider manages the storage of encrypted data.”

Amen. Storage services such as Dropbox, iCloud, OneDrive, etc. have a master decryption key and can access your data. You control the decryption key for Spider Oak and other “bolt on” products such as Boxcryptor and Viivo.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com