CIO & LEADER-Issue-10-January 2018 (1)

Column
businesses include:
Network configuration and security
(such as firewalls)
Data Security (including encryption)
The use of third-party security tools
such as encryption key management
software
Determining the type of content and
data to store in the cloud
Access control and management
Making life simple with encryption
There is abundant evidence to show
the difference that encryption makes
in containing the volume of loss and
associated costs when a breach occurs.
In fact, according to a study, extensive
use of encryption is the second most
impactful factor that can limit the costs
of a data breach. Despite all pointers
that emphasize its advantages, usage
of encryption is limited in many businesses
across industries. Although the
adoption of encryption has increased
over the last decade, only a mere 37 percent
of businesses employ it as a cloud
security strategy.
Remember, encryption is the important
first step for businesses that wish
to take control of the ownership of
data; better encryption key management
follows next.
While encryption renders data
into a format that can only be read by
authorized users, it does not make a
powerful strategic tool if not combined
with effective key management. Far
too often, companies follow a laissezfaire
approach to key management,
which makes its utilization needlessly
complex and cumbersome. Problems
do get out of hand when there is no
clear ownership of keys within the
organization, when no skilled personnel
is in charge of the keys, or when
a siloed approach is followed for key
management.
Having an effective encryption and
key management solution is vital to
the success of any security strategy.
Data encryption, when executed
properly, ensures the protection of
sensitive information. Although there
are many myths surrounding data
Encryption is the important first step for businesses
that wish to take control of the ownership of data;
better encryption key management follows next
encryption (too expensive, too difficult
to manage, etc), the surprising truth is
that it is indispensable. In fact, encryption
provides the foundational framework
to any data security protection
strategy.
There are security options out there
to help organizations in:
Encrypting and managing data
stored on virtual machines and
Infrastructure-as-a-Service (IaaS)
platforms.
Encrypting files at the endpoint
before they are synchronized to
enterprise file sync and share (EFSS)
services across a range of enterprise
platforms.
Managing encryption keys across
the enterprise
Whether data is stored in public,
private, or hybrid cloud environments,
organizations need a robust
solution to ensure full control of
encryption and its keys. Much of the
encryption related problems can be
alleviated with the adoption of file
encryption software, and ideally with
an intelligent key management system
that encrypts virtual machines and
removes encryption keys at the conclusion
of each virtual instance.
Using a single platform often is
more effective as an organization can
ensure the implementation of a unified
encryption strategy across any
endpoint, provide a virtualized or
cloud environment with increased
enterprise security, ensure encryption
compliance, and reduce complexities
of risk management and audits
14 CIO&LEADER | January 2018