Page 17 - cdm-2014
P. 17
,). .$)( " $(-. )0 ,(' (. )&& .$)( )! . ' ( -
( ,3*.$)(
Ever since Edward Snowden began dropping his bombshells about U.S. and other nations’
electronic espionage practices, enterprises have been wondering how to best protect their
sensitive and confidential corporate data from government intrusion.
At first, offshore data residency seemed like a promising answer. If your customer data is stored
overseas, the thinking went, all would be immune to being turned over to the government.
But a recent decision by U.S. Magistrate Judge James Francis casts doubt on that thinking.
Francis “said Internet service providers such as Microsoft Corp or Google Inc cannot refuse to
turn over customer information and emails stored in other countries when issued a valid search
warrant from U.S. law enforcement agencies,” as Joseph Ax reported for Reuters and CNBC.
So no matter where your data is housed, if your service provider is subject to U.S. law, your
data is subject to U.S. warrants.
What enterprises need is encryption with strict enterprise control of the encryption keys. This
combination ensures that your data is always safe from prying eyes, no matter where it travels
or who gains access to it. It also ensures that if your cloud service provider is compelled to
provide your data, no one can read it or extract anything of value from it without your
organization’s knowledge and consent—since you’ll be the only ones with the encryption keys.
There’s no longer much point in looking for cloud solutions that are immune to spying, after all.
It’s time to render your data immune. Encryption also looks to be the solution to another sticky
cloud dilemma: that of the sovereign cloud.
As revelations of government spying continue to roll in, some countries are responding by
working to build “nationalistic barriers to global data flows in general and Internet technology
services in particular,” Michael Hickins wrote for the WSJ’s CIO Journal.
While this may help nations protect their domestic businesses’ data from foreign espionage, it
will also damage the free flow of information across borders, which is one of the key benefits of
the Internet.
Ultimately, that strategy may not even work. As recent news demonstrates, infrastructures can
be breached. The answer lies not in putting up more walls around data centers and nations, but
in protecting the data itself.
Encryption does so in the most efficient and controllable manner. As Burt Kaliski Jr., SVP and
CSO of Verisign, said, “Encryption needs to be normative.”
Encryption isn’t a difficult solution to implement, either. It plays a key role in any effective cloud
data protection strategy.
What measures does your organization take against government spying?
! " $ !
! # ! "
