Will a lack of trust in the cloud prevent ‘encryption nirvana’?

Grazed from Computing. Author: Richard Moulds.

Encryption is not new – in fact, systems for ensuring message secrecy have been around for millennia. What is new is the unprecedented variety of options that enterprises now have at their disposal to encrypt data and the potential complexity that brings. The rise of cloud computing means there’s now another chair at the table – the cloud service provider – which requires a new examination of trust models.

Of course, effective cryptography depends not only on the ability to encrypt data, but also the management and control of the keys to decrypt and make sense of the information. While the cloud presents significant economic and operational benefits for enterprises, it also poses a substantial security risk. Organisations must decide how much control they are willing to relinquish to their cloud provider – where should data be encrypted, and crucially, who should hold the keys…

A recent Encryption in the Cloud study found that 53 per cent of enterprises are already transferring or planning to transfer sensitive data into the cloud – yet over half say they don’t know what steps are taken by their cloud provider to secure their sensitive data. In addition, there appears to be a great deal of confusion about who has primary responsibility for protecting sensitive data in the cloud environment…

Read more from the source @ http://www.computing.co.uk/ctg/opinion/2292704/will-a-lack-of-trust-in-the-cloud-prevent-encryption-nirvana