For organizations with heavy data security or compliance requirements, regular risk assessments are a must, and even more so if you keep any sensitive data in the cloud. You must know what assets you have, their relative vulnerability, their relative value (not only to your organization, but to attackers and competitors), and the probability of their loss. Only then can you develop a security strategy that balances the need for protection against budget and manpower restrictions. Encryption in the cloud can help you perform risk assessments in several ways.
A complete inventory of all your sensitive and/or protected assets is vital to your risk assessment. Encryption in the cloud can help accomplish that. A strong cloud encryption solution will provide you not only with granular control of encryption on individual data types, but also with clear visibility into the encryption that you’ve applied. What that means is that you’ll have visibility into your organization’s protected assets. With that visibility, you can more easily and thoroughly inventory data assets as part of your risk assessment process.
Another key step in a proper risk assessment is the assigning of relative values to data assets. What monetary value do individual asset types have to your organization? How about to attackers and competitors? In other words, how likely is it that someone will want to steal the data? Think of it this way: if you own a Datsun and a Jaguar, which one do you think is more important to protect? Encryption in the cloud can speed up your risk assessment process by showing you the value you’ve already assigned to each data type.
As part of the risk assessment process, you’ll have to articulate what countermeasures you already have in place to protect your high-value or high-risk data types. If your organization is using the cloud, then encryption in the cloud should feature as one of your most useful and commonly used countermeasures against data leaks or data theft. Here, the clear visibility into your data and individual data fields’ levels of protection will help you quickly complete this step. Instead of having to track down countermeasures across different silos of IT or SecOps, you’ll be able to view a unified report of everything encryption in the cloud is doing to secure your data.
Risk assessments can be time-consuming, but they’re as necessary to the ongoing security of your organization’s data as regular physicals are to your overall health. As you can see, however, encryption in the cloud can help you complete several steps of your risk assessment more quickly, more completely, and more confidently than you could without it.
Paige Leidig is SVP at CipherCloud. He has 20 years of experience in technology, marketing, and selling enterprise application solutions and managing trusted customer relationships. As SVP of Marketing, he is responsible for all aspects of marketing at CipherCloud. Paige was previously in the Office of the CEO at SAP (News - Alert), where he was responsible for leading and coordinating SAP’s acquisition and integration activities on a global basis. He has managed a number of marketing initiatives at SAP, including responsibility for all go-to-market activities for SAP’s Cloud applications portfolio. Preceding his SAP career, Paige held senior management positions with Ariba, Elance, and E*Trade.