Your data, their cloud? Bring your own encryption keys

“Are you the Key Master?” “I am the Key Master, are you the Gate Keeper?” Those aren’t merely lines from the “Ghostbusters” movie, but the question IT has to ask more and more about protecting even encrypted data.

The goal of encryption is clear: To prevent unauthorized people from reading what they should not. Even if someone intercepts your messages or a cloud provider’s engineer opens your data stores, that encrypted data should be worthless without the key. Encrypted data must have a key (aka a cypher) to be unlocked.

[ Safeguard your data! The tools you need to encrypt your communications and Web data. • The tools you need to encrypt your communications and Web data. • InfoWorld’s encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld’s Security newsletter. ]

Thus, protecting those keys — who has access to them — is the biggest challenge in safeguarding that data. Although your technology provider may offer tools to encrypt your data, you might need to do more to protect those keys and perhaps even bring your own.

To read this article in full or to leave a comment, please click here

from InfoWorld Cloud Computing http://ift.tt/1OnevEZ
via IFTTT