In the Cloud, Encryption in Motion + Encryption at Rest = Not Good Enough


Can you use SSL to secure interactions with the Cloud? The answer: in part. Remember, the original intent for SSL (Secure Sockets Layer, now known as Transport Layer Security, or TLS) was to secure interactions between browsers and Web servers, and to this day it still offers only point-to-point channel encryption. If you want a message to traverse any kind of intermediary (each hop terminates the channel and sees the plaintext), or if you want to secure only part of a message, then SSL falls short. And of course, SSL can only secure messages in motion. It doesn’t help at all with securing data at rest.

To secure data at rest, you need an alternative approach to encryption. The brute force approach is to encrypt all data before you upload it to the Cloud. That way you can keep your private keys on premises (an important best practice), and you can rest assured that hackers will have a very hard time cracking any of your confidential information in the Cloud, no matter where the Cloud provider puts it.

The problem with the brute force approach is that you can’t do much with your information when it’s in an encrypted form. You can store it and move it around, but you can’t process it in the Cloud without decrypting it there, which creates an obvious opportunity for hackers. As a result, many organizations require a more subtle approach than brute force encryption.

An alternative approach that’s gaining increasing traction in the Cloud marketplace is the use of encrypted volumes. In essence, the entire virtual drive is encrypted, so any files you store on it are automatically encrypted. Will an encrypted volume solve your data-at-rest confidentiality problem?

Not so fast. With today’s encrypted volume technology, all you need is a single username/password or private key to unlock the drive. And once someone has unlocked it, they have access to all the data on the drive. No fine-grained access control or entitlements. Bottom line: sometimes you can secure your data in motion with SSL and your data at rest with encrypted volumes in the Cloud, but even when you combine both approaches, you still have holes a hacker can drive a truck through. Be warned!
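The two data-at-rest models the article contrasts, as an added Go example that is not part of the original post: an encrypted volume amounts to sealing and opening every file under one volume key, so whoever unlocks it reads everything, while the ObjectStore below gives each object its own data-encryption key, wrapped once for each entitled principal, which is the fine-grained entitlement the article says volumes lack. The client does all encryption and keeps the key-encryption keys (the "keys on premises" practice from the brute-force section); the store holds only ciphertext and wrapped keys. The AES-GCM helpers, NewKey, ObjectStore, the principal names and the file contents are all constructed for this illustration, not from the article.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// aead returns AES-256-GCM for key; a wrong key length is a programming error.
func aead(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return g
}

// randBytes fills a fresh slice from crypto/rand.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe way to continue without randomness
	}
	return b
}

// seal encrypts plaintext under key, binding aad; the random nonce is prepended.
func seal(key, plaintext, aad []byte) []byte {
	g := aead(key)
	nonce := randBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; it fails on a wrong key, a wrong aad or tampered data.
func open(key, sealed, aad []byte) ([]byte, error) {
	g := aead(key)
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], aad)
}

// NewKey returns a random 256-bit key. Hypothetical helper: in a real deployment
// key-encryption keys come from an on-premises KMS or HSM and never leave it.
func NewKey() []byte { return randBytes(32) }

// An encrypted volume is seal/open under one volumeKey for every file: whoever
// unlocks it reads everything. The store below instead gives each object its own
// data-encryption key (DEK), wrapped once per entitled principal under that
// principal's key-encryption key (KEK); it holds ciphertext and wrapped DEKs only.
type object struct {
	ciphertext  []byte
	wrappedKeys map[string][]byte // principal -> DEK wrapped under the principal's KEK
}

type ObjectStore map[string]*object

// Put encrypts on the client; the KEKs in entitled never reach the store. The AAD
// name+principal stops a wrapped DEK being replayed into another object or slot.
func (s ObjectStore) Put(name string, data []byte, entitled map[string][]byte) {
	dek := NewKey()
	obj := &object{ciphertext: seal(dek, data, []byte(name)), wrappedKeys: map[string][]byte{}}
	for principal, kek := range entitled {
		obj.wrappedKeys[principal] = seal(kek, dek, []byte(name+"/"+principal))
	}
	s[name] = obj
}

// Get succeeds only for a principal that holds a wrapped DEK for the object.
func (s ObjectStore) Get(principal string, kek []byte, name string) ([]byte, error) {
	obj, ok := s[name]
	if !ok {
		return nil, errors.New("no such object")
	}
	w, ok := obj.wrappedKeys[principal]
	if !ok {
		return nil, errors.New("principal not entitled to object")
	}
	dek, err := open(kek, w, []byte(name+"/"+principal))
	if err != nil {
		return nil, err
	}
	return open(dek, obj.ciphertext, []byte(name))
}

func main() {
	alice, bob := NewKey(), NewKey() // constructed sample principals
	store := ObjectStore{}
	store.Put("payroll.csv", []byte("salary data"), map[string][]byte{"alice": alice})
	_, errAlice := store.Get("alice", alice, "payroll.csv")
	_, errBob := store.Get("bob", bob, "payroll.csv")
	fmt.Println("alice:", errAlice, "| bob:", errBob)
}
```

Revoking one principal's access in this model means re-wrapping the object's DEK for the remaining principals (or rotating the DEK); with a single volume key, by contrast, revocation means re-encrypting the whole volume and redistributing the new key to everyone else.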
