Cloud encryption: control your own keys in a separate storage vault
October 4, 2013
Grazed from NetworkWorld. Author: Linda Musthaler.
Any time a company decides it wants to host its applications in the cloud, or use a SaaS application where the company’s data will be stored in the cloud, the IT security professionals have to ask a series of questions. Can we encrypt the data? If so, who will have access to the keys? How will we perform key rotation? Can we sort and search on data that is encrypted? Is the cloud vendor using a proprietary encryption technology that prevents us from moving our data to another vendor? If we use 10 SaaS applications, will we have to manage 10 different sets of encryption keys?
These questions are tough enough to answer when the data and encryption technologies are in a company’s own data center where it has complete control over everything. Things get much more complicated when the company has to factor in third-party hosts like Amazon and Rackspace or SaaS providers like Google Apps, Workday and Salesforce…
The state of cloud encryption today is still very muddled. Some vendors provide it and some don’t. Sometimes encryption has to be bolted on and it isn’t a well-integrated process. Some encryption schemes are proprietary to a specific vendor…
Read more from the source @ http://www.networkworld.com/newsletters/techexec/2013/100413-cloud-encryption-key-management.html