How to lock down data in use – and in the cloud

March 12, 2014 By David

Grazed from GCN. Author: John Moore.

Security best practices traditionally call for encrypting data in transit, as it moves from one storage locale to another, and data at rest, when it resides in an organization’s storage systems. The advent of cloud computing, however, has created the need for yet another stage of security: data “in-use,” as when a third-party cloud provider maintains it.

The Cloud Security Alliance recommends securing data when it exists in this in-use state. In its 2012 implementation guidance, CSA recommended “controls should be applied throughout the entire lifecycle (in transit, at rest and in use) to allow the customer to maintain control over the data while the [cloud service provider] hosts and processes it.” Securing data in use, however, presents encryption challenges. For one thing, data typically needs to be decrypted in order for users to work with it…

“Traditionally, if cloud-hosted data is encrypted using block- or file-level encryption, basic server-side operations such as indexing, searching and sorting records are impossible,” according to a whitepaper from Vaultive Inc., a cloud encryption company. “Once ciphertext is incorporated into a SaaS application, some of the features of the service are no longer operational since processes like search, sort and index cannot function against an encrypted ‘blob.’”…

Read more from the source @ http://gcn.com/articles/2014/03/12/data-in-use-encryption.aspx
