Newly released research from Microsoft shows that almost two-fifths of companies will start paying for cloud services within three years, which is why organizations adopting the cloud should revisit their encryption needs.
While the economic imperative of migrating data to the cloud is clear, organizations need to revisit their data encryption practices before making the leap.
Microsoft’s research shows us that 39 percent of SMBs expect to be paying for cloud services by the time 2014 rolls around – and there’s no doubt that many other companies will be using some of the free cloud resources that are now available. My observations suggest that organizations of all sizes – not just SMBs – overlook aspects of their data encryption needs for the cloud, as they focus on the cost savings that accrue from the migration. I would even say that accountability and transparency of how customer data and cloud system security are being handled by cloud vendors are also suspect.
The Challenges of Data Encryption in the Cloud
The important thing to realize with cloud resources is that organizations are effectively losing direct control over their own data, and this makes the task of compliance – under an increasingly complex set of rules, such as PCI-DSS – all the more difficult.
And, it’s also important to understand that, where cloud data storage is involved, businesses need to take a centralized management approach to data encryption – in order to give IT staff maximum control, with minimal impact on operations and productivity.
The challenge for cloud users and providers will be the management of encryption systems, including encryption key management. There are also potential issues with trying to index data that is encrypted in the database, so encryption approaches will have to examine not only data in flight (point-to-point encryption) but also data at rest (databases and other forms of storage). For SMBs and many others, this will be a new experience.
The process of planning for migration to a cloud platform should be welcomed and not regarded as a chore by IT staff, as it is a clear opportunity to re-appraise data encryption systems. Unfortunately, SMB customers are unable to judge the competence of larger providers of cloud services, and applications for the cloud rarely have data encryption as either a base or optional offering. Consequently, the model of the future of cloud will be “trust me.”
My company’s research amongst our customers suggests that many of them are taking the intelligent approach of re-investing some of the cost savings that the cloud brings to their data storage platform by enhancing the encryption of data at all points in their businesses.
Put simply, this means implementing data encryption across any endpoint – desktops, laptops, handheld devices and removable media – and implementing full disk encryption where appropriate. This practice ensures that any and all data that flows to and from a cloud resource is fully protected.
Microsoft’s research shows that SMBs are now joining a growing number of enterprises in adopting the financial benefits of the cloud. They should all, however, be cautious of adopting a solution that does not encrypt data on a centralized basis, as they might wind up failing to meet their compliance requirements.