Page 21 - Cyber Warnings







Data-level security
This level of protection involves securing the data itself. No cloud provider will take responsibility
for your data, but there are solutions you can purchase to help.

Many cloud providers, for example, offer encryption as a standard option, but you may be
surprised at how many do not, or who encrypt data only part of the time. Anything less than
256-bit encryption is considered inadequate these days.

More important is that you have full control of the encryption keys. If a cloud provider insists on
owning them, you have no guarantees that your data will be safe. Seek another provider.

In addition, make sure your data is unencrypted only when in use. Some providers require that
data be transmitted to their facilities in plain-text format. That’s a security risk.

Whatever cloud provider you adopt, make sure their security guarantees are spelled out in their
contract and SLA.

A good contract should spell out exactly what procedures will be employed, along with any
penalties the provider will face for non-compliance, how they will report upon it, and how you
can audit to ensure your contractual terms are being met.

A strong SLA ensures that you don’t simply toss the keys to your cloud provider as you’re
walking out the door.

About the Author:

Scott Montgomery is vice president and chief technology officer of public
sector at Intel Security. He runs worldwide government certification efforts
and works with industry and government thought leaders and worldwide
public sector customers to ensure that technology, standards, and
implementations meet information security and privacy challenges. His
dialog with the market helps him drive government and cybersecurity
requirements into Intel Security’s products and services portfolio and guide
Intel Security’s policy strategy for the public sector, critical infrastructure,
and threat intelligence.


With more than 15 years in content and network security, Montgomery
brings a practitioner’s perspective to the art and science of cybersecurity. He has designed,
built, tested, and certified information security and privacy solutions—including firewalls,
intrusion prevention systems, encryption, vulnerability scanners, network visibility tools, mail and
web gateways, strong authentication tokens, embedded systems, and more. Prior to its
acquisition by Intel Security, Montgomery ran worldwide product management and corporate
strategy for Secure Computing.



21 Cyber Warnings E-Magazine – September 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
