Glass Class - Is Cloud Encryption Right For You?
Hey everyone, Rich here and thanks for joining another Bitglass Glass Class session. Today we're going to be talking about whether or not cloud encryption is right for you. According to some recent Bitglass survey data, we found that almost 50% of decision makers believe that cloud encryption is the number one thing that can help them protect sensitive data in the cloud. What we found through practice across many, many customers is it's not right for every situation. So we'll talk about when and what.
When do we want to encrypt data in the cloud? First of all, if we have regulatory mandates. Perhaps HIPAA, as an example of that, that we have to abide by - it may be a perfect time to encrypt data. Another piece is when we have key intellectual property going up into the cloud. Maybe we work for KFC and we're going to put the secret recipe, the Colonel’s secret recipe, up in Google Drive. Certainly we want to encrypt things then.
Probably the last one is when we have data residency issues. Maybe we're an organization that's based out of Germany and we're using cloud apps that are based in the US and we have data residency that we want to account for. These are primary situations when we want to apply cloud encryption - when it may be a very wise choice for us.
Then the next question is “What do we encrypt?” Do we encrypt everything? Probably not. Typically, what we coach customers into doing is we encrypt what's necessary. And data takes two primary forms when it comes to cloud applications. You have structured data - this is the type of data you may see in form fields in an application like a ServiceNow or a Salesforce, as an example. Here’s what we're going to do: we're going to identify those sensitive fields. Maybe we're protecting customer data and we want to protect things by encryption - things like social security numbers or other personally identifiable information. We're going to identify the sensitive fields and encrypt only those that need to be encrypted.
Another type of data we have is unstructured data. So this is maybe something you'll see in a file sharing application like a Box or a OneDrive via Office 365, as an example. And here it's not quite as simple as just saying we want to encrypt certain sensitive fields. Here you have to actually take a look at the data itself and identify certain sensitive types of data.
Typically, the way this is done with a CASB like Bitglass is we apply DLP policies to the data that's at rest inside of that cloud-based application. Those files that match those DLP policies will be encrypted - leaving the rest unencrypted. This is just a very quick and easy way to decide whether or not cloud encryption might be right for your organization.
Thanks for joining today's edition of Glass Class. Don't forget to subscribe down below and we'll see you next time.