Encryption architecture is very much dependent on the goals of the encryption solutions, along with the cloud delivery mechanism. Protecting data at rest from local compromise or unauthorized access differs significantly from protecting data in motion into the cloud. Adding additional controls to protect the integrity and availability of data can further complicate the process….
Category: security
Is your Sensitive Data hiding from you?
The modern enterprise has evolved into a giant producer and consumer of data. Despite the large volume of controls and efforts to protect various data types, very few organizations can map exactly where their sensitive data is located and what security controls are deployed to guard it. Structured data types that are centrally managed allow…
QuickGuide: Encryption
Symmetric Encryption: There are two primary forms of cryptography in use today: symmetric and asymmetric cryptography. Symmetric algorithms operate with a single cryptographic key that is used for both encryption and decryption of the message. For this reason, it is often called single, same, or shared key encryption. It can also be called secret or…
Data Loss Prevention (DLP)
Data loss prevention and data leakage prevention are terms used interchangeably to describe the controls put in place by an organization to ensure that certain types of data (structured and unstructured) remain under organizational controls, in line with policies, standards, and procedures. Controls to protect data form the foundation of organizational security and enable the…
Data Anonymization
Direct identifiers and indirect identifiers form two primary components for identification of individuals, users, or personal information. Direct identifiers are fields that uniquely identify the subject (usually name, address, etc.) and are usually referred to as personally identifiable information. Masking solutions are usually used to protect direct identifiers. Indirect identifiers typically consist of demographic or…
Data Masking/Obfuscation
Data masking or data obfuscation is the process of hiding, replacing, or omitting sensitive information from a specific data set. Data masking is usually used to protect specific data sets such as PII or commercially sensitive data or to comply with certain regulations such as HIPAA or PCI DSS. Data masking or obfuscation is also…
Cloud Storage Services
At the core of all cloud services, products, and solutions are software tools with three underlying pillars of functionality: processing data and running applications (compute servers); moving data (networking); and preserving or storing data (storage). Cloud Storage Services: Cloud storage is basically defined as data storage that is made available as a service via a network….
Data Security: Access Control
Previous article in series – Data Security: Functions, Actors, and Locations. As with most areas of technology, access control is merging and aligning with other combined activities—some of these are automated using single sign-on capabilities, while others operate in a standalone, segregated fashion. The combination of access control and effective management of those technologies, processes,…
Data Security: Functions, Actors, and Locations
Previous article in series – Data Security: The Secure Data Lifecycle. Upon completion of mapping the various data phases, along with data locations and device access, it is necessary to identify what can be done with the data (i.e., data functions) and who can access the data (i.e., the actors). It is also important to…
Data Security: The Secure Data Lifecycle
Data security is a core element of cloud security. Cloud service providers often share the responsibility for security with the customer. Roles such as the chief information security officer (CISO), chief security officer (CSO), chief technology officer (CTO), enterprise architect, and network administrator may all play a part in providing elements of a security solution…