Securing the Cloud

Recently it was revealed that Oregon Health & Science University (OSHU) staff were storing patient data in a cloud storage solution – namely, Google Drive. What’s the big deal? It’s Google, it has to be secure right? Sure, but the fact remains that there are regulations that need to be followed when it comes to handling patient information.

While Google is a well-known, reputable technology company, it typically isn’t an approved supplier of storage for things such as health care records. Regardless of the company, and whether they encrypt their servers, there’s no guarantee your data is secure in the event of someone successfully hacking into their systems.

The best way to ensure cloud security is to treat it like you’d treat a secure network storage folder – encrypt it. Cloud storage options like Google Drive, Dropbox, Box, SugarSync and others, while secure in their own right, are only as secure as their overall servers. If someone gains access to the server, all data on that server is exposed unless it’s been encrypted somewhere else – like your local PC.

Encryption of data located in cloud storage services should never be left up to the service provider – organizations need to take that into their own hands and do the encryption at the endpoint before that data can be moved to an outside provider. It’s the only way to maintain the security of the information.

It’s something we’re investigating thoroughly into right now. How do we effectively manage the encryption keys for users of cloud storage and enable them to properly and securely store and share data in the cloud?

Without getting into greater detail, we’re close to delivering our solution for cloud services encryption. Rest assured, it doesn’t depend on the security of the provider but will leverage our extensive expertise in key management and work within the enterprise for organization to not only store, but share data securely through cloud storage solutions.

Previous Post
What’s the right choice?
Next Post
Hidden Benefits of Encryption for Legal Services

Related Posts

SESWeb – Private Cloud Ready

In a previous post, Rethinking Data Security in the Public Cloud, I alluded to a Private Cloud management post. So in spirit of SecureDoc Version 6.1—let’s talk Private Cloud (or #PrivateCloud to all of you Twitter geeks like me).  (more…)
Read more

Florida Gets Serious With Data Privacy

July 1st was a big day in Florida if you’re a follower of info security news. That was the day Florida’s new Florida Information Protection Act (FIPA) came into effect and had immediate consequences for anyone that does business in…
Read more

Wrapping up FOSE

As you saw last week, we were pretty busy at FOSE meeting people, shaking hands and talking about data-at-rest security. It was an interesting show to say the least. (more…)
Read more

Nothing is ever ‘free’

Last week I attended SC Congress in New York and did a presentation talking about the results of our study with the Ponemon Institute and the cost of data encryption solutions. It was a good event, well attended and there…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu
Contact Us

This will close in 15 seconds