Last updated: 16 May 2016
If your data lives in the cloud, you already know the cost and uptime advantages that come with using a reputable cloud provider to manage the infrastructure. But what about the security of that data? Who is responsible for keeping it safe in the cloud?
The truth is that the sole entity responsible for the security of the data is YOU—from the moment you take possession of it to the moment it’s deleted. No exceptions.
Ownership and management of data are two very different things. If the data is stolen—you are responsible. If the data is lost—you are responsible. If the data is manipulated—you are responsible.
So, while it’s possible to outsource data encryption and management services in the cloud, you can’t outsource the responsibility for that data. With this level of accountability, YOU have to be the one to secure that sensitive data.
Being able to own your encryption keys and prove that you have complete control of all of your data is crucial to meet the requirements of many compliance standards, including PCI-DSS. Many encryption key solutions available in the cloud are designed so that the keys are owned—and therefore accessible –by the cloud provider.
While every reputable cloud provider makes a lot of assurances around the security of these solutions, the bottom line is that if you don’t own your encryption keys, you can’t prove control of your data.
And, if you don’t control your data, government agencies can subpoena the cloud provider—who are usually not only required to give that agency access to your data, but also are not obligated to let you know about it.
Gemalto is one of the only vendors that allows you—and only you—to own your encryption keys so that you remain the only entity able to access your data.
Ownership means that you can prove complete control of your sensitive data. It gives you the right tools to pass audits and the assurance that the cloud provider has no authority to give government agencies a back door into your data.
Gemalto’s new white paper, Own and Manage Your Encryption Keys, outlines how customer-owned encryption keys are the only way to truly safeguard data in cloud environments. As a technology partner of the world’s leading cloud providers, Gemalto has years of experience with encryption and key management in the cloud.
Gemalto will exhibit at cloud and virtualization conferences all over the world in 2015. You can learn more about our customer-owned encryption solutions by visiting the Gemalto booths at these shows and talking to us about our approach to encryption key ownership in the cloud.
It’s not just your data you’re protecting—it’s the data of your prospects, customers, clients, vendors, partners, and everyone you do business with. The power to secure it should reside with no one but you and your customer-owned keys.