Encrypted data in the cloud? Be sure to control your own keys

Grazed from NetworkWorld.  Author: Linda Musthaler.

With cloud computing there’s no longer a question about whether you should encrypt data. That’s a given. The question today is, who should manage and control the encryption keys?

Whether talking to an infrastructure provider like Amazon or Microsoft, or a SaaS provider, it’s imperative to have the discussion about key control. The topic is more relevant than ever as more companies move regulated data into the cloud and as concerns about data privacy grow…


Protecting regulated data is top-of-mind in the U.S. where regulations such as PCI and HIPAA dictate that third parties not be able to access an organization’s sensitive data. Even if the data is strongly encrypted, it’s a compliance compromise if a cloud service provider has access to a full key that can decrypt the information without the data owner’s knowledge or permission…

Read more from the source @ http://www.networkworld.com/article/2603122/cloud-security/encrypted-data-in-the-cloud-be-sure-to-control-your-own-keys.html