The intricacies of Bring Your Own Encryption (BYOE)

2014 has been the year of Bring Your Own Encryption

This year's steady drumbeat of major data breaches, Snowden disclosures, and other cyber-attacks is causing all sorts of businesses to look well beyond compliance requirements to what it will take to protect themselves and their customers from additional risks. As such, Bring-Your-Own-Encryption (BYOE) looks like a very strong trend: cloud providers want an increasing amount of flexibility around implementing encryption and, at the very least, want the ability to enable their customers to maintain control of their own encryption keys.

The main drivers for BYOE

Before we look at the challenges and opportunities that BYOE affords cloud hosting providers, it is important to understand the main drivers for the heightened level of security (and reduced risk) that goes with BYOE. These are: compliance with standards, risk of breaches, protection of intellectual property (IP), and, lastly, contractual requirements. In the first instance, any organisation that has compliance requirements such as PCI DSS will need to fully meet those requirements and ensure a segregation of roles by user type, or provide for what are called 'compensating controls' if allowed. Secondly, increasing reports of cyber-attacks, along with governments around the globe introducing harsher penalties for loss of personal information, add further weight to the arguments for the encryption of cloud data.

Organisations with critical information, the loss of which could fundamentally damage their business (typically aerospace, defence, financial or manufacturing), need the strongest data assurance solutions available. But these solutions must not impede their ability to take advantage of the scalability and flexibility that the cloud model brings. For cloud providers whose customers are in one of the areas mentioned above, it is not unusual to be required to encrypt data to the same standards as that customer applies to their own data. Indeed, this stipulation is frequently passed through as a contractual requirement for doing business.

How it works

To understand how BYOE works, there are two typical implementation scenarios to consider from an end user perspective. The first is for the end user to manage their encryption keys within the cloud environment; the second is to manage encryption keys away from the cloud provider's premises, in the end user's own data centre or other environment.

In both cases, the cloud provider does not usually manage the keys or set the encryption and access policies, which means there is less possibility that a compromise of the cloud provider's architecture or physical infrastructure by a third party could compromise data. That said, a compromise of a cloud provider's account might be leveraged to access the key and policy management environment, and then used to get access to data.
