Security "Bits"

Concerned About CISA? Encrypt Data Before It Hits The Cloud

By Salim Hafid | October 21, 2015 at 4:00 PM

By now you've surely heard about the latest cybersecurity bill, the Cybersecurity Information Sharing Act, that threatens to impede on data privacy for users of public cloud applications. Major tech companies including Google, Apple, and Dropbox have voiced their opposition to the bill, noting that the new rule would make it more difficult for users to know when their data has been passed to the government. For organizations that store data in public cloud applications, such a law would impede on privacy of corporate information. Even if encrypted by the cloud app, the encryption keys are owned by the cloud vendor and not by the enterprise. Should a subpoena come in such a scenario, the cloud vendor could divulge the data to the government without informing the enterprise.

Cloud Access Security Brokers (CASBs) offer advanced cloud encryption that augments security of corporate data stored in public cloud apps. Where the concern is that cloud app vendors will be compelled to provide the government with organizations' dat, the most effective way to secure that data is to encrypt using keys that the enterprise controls. 

Bitglass not only enables the enterprise to control its own cloud encryption, but also ensures that only protected data is uploaded to the cloud. CASBs, including Bitglass, offer a level of control over data and its encryption that aims to protect against gaps in security that may arise due to new legislation.  

Read our deep dive on encryption



see all