Page 159 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018
P. 159
A Better Solution
The solution is not all that complicated: store your sensitive data and files in the cloud while retaining
exclusive control of their encryption keys under the protection of your own secure cryptoprocessor in a
controlled environment outside the public cloud.
In this architecture, a breach of the cloud service provider delivers nothing to the attacker, because they
only get access to encrypted information that is of no use to them without the keys. The benefits of the
cloud are still realized while maintaining data protection. This allows companies to prove compliance to
data security regulations while leveraging clouds, private or public, to the maximum extent possible.
The lack of security in the cloud is a real and significant problem. Even if data used by cloud applications
are encrypted, the encryption keys are the real story. Not only does the information need to be kept safe,
so do the keys.
With this reality in mind, mid-market businesses need to think about enterprise-grade security instead of
assuming that their data is being secured in the cloud. They will serve their customers and their own
longevity best by finding solutions that meet the cryptographic key management laws noted above.
About the Author
Brian Jenkins is the VP of Product for StrongKey, a provider
of open-source cryptographic key management solutions. He
has over 20 years of experience in multiple Silicon Valley high-
tech startups, where he began his career as a software
engineer and went on to hold positions from product
management to founder and CEO. He graduated from Duke
University with a bachelor’s degree in electrical engineering
and Computer Science and earned his MBA from UC
Berkeley. Brian works out of StrongKey’s office in Durham,
NC.Brian Jenkins can be reached online at
https://www.linkedin.com/in/brianhjenkins/ and at our
company website http://www.strongkey.com
159
