This article on securing data in the cloud was originally featured in Computer Weekly.
Historically, global organizations have had to make a tradeoff between the agility and collaboration benefits of the cloud and maintaining data sovereignty, security, and control.
But this is no longer the case: You can have the best of both worlds.
There are simple ways that organizations can take complete control of the data they store and share in the cloud, ensuring that their sensitive data can only be accessed by the people and systems that have been granted the authority to do so.
With this level of control, global organizations can maintain data sovereignty and residency, as well as implement a Zero Trust architecture, while using the cloud providers of their choice.
How We Got Here: The Evolution of Global Data Privacy
A company based in Europe may find itself in a situation where it’s required to hand over its customer data to the U.S. government. Why? Because: (a) the leading cloud providers are predominantly U.S.-based and subject to various laws requiring cooperation with U.S. local and federal government entities, and (b) there is currently no multilateral privacy framework.
The absence of a global privacy framework has caused governments to take different legal and policy approaches to data and with this, privacy has become a polarizing issue for global businesses. However, while the system of national and regional law continues to evolve, companies are demanding flexible and universally compliant cloud enablement solutions/tools right now: to enable their full participation in the global economy, maintain the benefits of the public cloud, and provide complete control over data access.
Cloud providers have taken steps to strengthen data residency and sovereignty, such as defining regions and zones for data storage and processing. But this approach is incomplete, and depending on the location of your organization, the capabilities can vary. For example, GPUs may not be available in some regions.
In a world where speed, efficiency, and collaboration are table stakes for innovation, global companies need a better option. You shouldn’t have to sacrifice productivity for security and control of your own information.
Achieving Complete Control of Sensitive Data In the Cloud
Implemented correctly, end-to-end encryption of sensitive data can not only shield data from unauthorized access, but it can also give you complete control over that data as it travels and is shared.
The European Data Protection Board (EDPB) has identified end-to-end encryption as an effective means of securing data while leveraging a third-country service provider, so long as that encryption and its algorithm are robust; that the encryption is applied for the entire time period that the data must remain confidential; the keys are reliably managed; and that the keys are controlled by the data owner.
End-to-end-encrypted data is protected before it hits the cloud provider’s server, shielding sensitive data from anyone without authorized access — including the cloud provider themselves. When you control the encryption keys, only you can decide who to grant access to your sensitive data.
The result is that your most important asset — your data — remains secure and fully under your control, while giving you the ability to leverage the cloud provider of your choice, even if they’re located in the U.S. If your data is protected by end-to-end encryption and shielded from the cloud provider, you don’t have to worry about whether foreign governments subpoena your information, because while the cloud provider may be forced to turn over the information they have, that information is incomplete: It does not include the true, meaningful contents of that data, because they don’t have the keys to what’s inside.
What to Look For In End-to-End Encryption Partners
Not all encryption providers are created equal. In a rapidly evolving global cloud landscape where cyber threats are continuing to escalate, you’ll want to consider the following:
- Data-centric protection that wraps each data object in its own layer of encryption
- Zero Trust Data Access controls that are granular and sophisticated enough to ensure the recipient is authorized to view the encrypted data
- The ability to host and manage your own encryption keys, so that neither your cloud provider nor your encryption partner can access the contents of your data
- Persistent control across the full lifecycle of the data, even after that data has been shared externally. Ensure that your encryption partner can facilitate the revocation of data, should circumstances change.
Getting Started with Zero Trust Data Control
Ready to take the next step toward Zero Trust Data Control? Contact Virtru today to start the conversation, and get up and running quickly.
