Sensitive data is moving to the cloud at an unprecedented rate, and organizations are looking for ways to extend encryption policy controls to new cloud-based systems of record and systems of engagement. Across industries, the average organization uploads 13.9 TB of data to the cloud each month. While an impressive 81.8% of cloud providers encrypt data in transit via SSL or TLS, far fewer (just 9.4%) store data encrypted. According to the Ponemon Institute, the average cost of a data breach is now $3.8 million. Encrypting data at rest is an essential element in a robust cloud data security program to limit the damage of data breaches.
Aside from bolstering the security of SaaS applications, storing data encrypted has another positive side benefit. Numerous regional and industry-specific laws including HIPAA-HITECH require organizations to notify customers whose data has been compromised in a breach. However, if that data has been made indecipherable with encryption, organizations are exempt from these breach notification requirements. Since mandatory breach notifications are often followed by a wave of customer lawsuits, nullifying these requirements with encryption can significantly reduce the cost of a data breach for regulated organizations.
Encryption makes data indecipherable to anyone without access to the encryption keys, but when a cloud provider encrypts your data, administrators at the provider can view your data. The cloud provider may also be compelled by law to provide copies of your data to various governments around the world without notifying you. And in the event of a breach, a cyber criminal who has compromised the encryption keys of a cloud provider can decrypt the stolen data. Encrypting data using your own encryption keys can prevent these scenarios, but just 1.1% of cloud providers support tenant-managed encryption keys. McAfee CASB’s cloud encryption gateway can help you protect data with encryption you control.
Encrypt data with enterprise-owned keys
Protect structured and unstructured data with standards-based AES encryption, function-preserving encryption, and tokenization, ensuring compliance with HIPAA, HITECH, PCI, the EU Data Protection Directive, and data residency requirements.
Preserve application functionality
Support critical end-user functionality such as search, sort, and format by selecting from academia- and peer-reviewed encryption schemes developed in collaboration with experts in the industry.
Own your encryption keys
Integrate with any KMIP-compliant key management server, enabling you to maintain control of your keys and comply with industry regulations and security policies.