|By David Stott||
|April 19, 2013 12:30 PM EDT||
As the proliferation of the cloud continues, Cloud Protection Gateways are increasingly being discussed as a way to address security issues surrounding cloud adoption. Whatever stage of cloud adoption your organization is in, a thorough vetting of the different gateways available will be important to address key security issues, including data residency concerns, industry compliance and internal security best practices.
Key Features of Cloud Protection Gateways
Cloud Protection Gateways will be an integral part of your cloud adoption strategy. These gateways are built to intercept sensitive data while it is still physically on the premise of an organization and replace it with a random tokenized or strongly encrypted value. This process renders the data meaningless should anyone attempt to hack the data while it's in transit, being processed or stored in the cloud. Choosing a provider means trusting that provider's technological capabilities and soundness.
Choosing a Gateway - An Inclusive Business Decision
Choosing a Cloud Protection Gateway Provider impacts multiple teams within your organization. The following groups bring a unique perspective and can provide valuable insights to the decision:
- Security Team - security of data may be the primary reason the gateway is being acquired.
- Governance & Risk Team - to ensure the gateway is in line with regulations and company policies (i.e., data privacy).
- Information Technology Team - are typically involved with deployment and management of the selected gateway.
- End User Team - they will be using the applications moved to the cloud and will be affected by any impact that gateway has on application functionality.
The Key Information to Gather from Gateway Providers
The Security Team
The security team will want to know the details about the type of underlying security techniques being used to protect your data, beginning with whether the security strategy is encryption or tokenization.
If the security technique is encryption, the security team will want to know what algorithms are used and whether they are proprietary or certified by strong standards such as NIST FIPS 140-2. The security team will also have specific questions about who keeps control of keys. Best practice is to keep that control in the hands of your enterprise. It's also important to know whether existing third-part encryption key management solutions can be used versus adopting a new system, and whether that would impact usability.
If tokenization is the security strategy, the security team will need a third-party evaluation of the tokenization technique used so your enterprise can be sure best practices and guidelines on the best ways to deploy and use tokenization are being followed.
Key Information for Other Internal Teams
In an upcoming blog post, we'll consider what other information is important to gather from the perspective of the Governance & Risk Team, Information Technology Team and End User Team. In the meantime, take a look at the specifics of the PerspecSys Cloud Encryption Gateway and how it can help your enterprise implement a robust and secure cloud adoption strategy.
PerspecSys Inc. is a leading provider of cloud protection and cloud encryption solutions that enable mission-critical cloud applications to be adopted throughout the enterprise. Cloud security companies like PerspecSys remove the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated companies across the world by never allowing sensitive data to leave a customer's network, while maintaining the functionality of cloud applications. For more information please visit http://www.perspecsys.com/ or follow on Twitter @perspecsys.
Jun. 1, 2015 09:15 PM EDT Reads: 843
Jun. 1, 2015 08:45 PM EDT Reads: 906
Jun. 1, 2015 08:15 PM EDT Reads: 2,261
Jun. 1, 2015 08:00 PM EDT Reads: 1,196
Jun. 1, 2015 07:30 PM EDT Reads: 2,229
Jun. 1, 2015 07:30 PM EDT Reads: 5,067
Jun. 1, 2015 07:30 PM EDT Reads: 2,949
Jun. 1, 2015 06:15 PM EDT Reads: 5,762
Jun. 1, 2015 05:30 PM EDT Reads: 3,063
Jun. 1, 2015 05:15 PM EDT Reads: 3,135
Jun. 1, 2015 04:30 PM EDT Reads: 3,583
Jun. 1, 2015 04:30 PM EDT Reads: 3,227
Jun. 1, 2015 03:45 PM EDT Reads: 2,845
Jun. 1, 2015 03:45 PM EDT Reads: 1,238
Jun. 1, 2015 02:15 PM EDT Reads: 956
Jun. 1, 2015 01:30 PM EDT Reads: 1,436
Jun. 1, 2015 01:15 PM EDT Reads: 861
Jun. 1, 2015 12:30 PM EDT Reads: 1,828
Jun. 1, 2015 12:15 PM EDT Reads: 5,181
Jun. 1, 2015 12:00 PM EDT Reads: 4,436