Data in the cloud is often encrypted using a secret key, which can simply be the user’s password or a separate string of characters for added security. This encryption key is then the sole responsibility of the end-user and guarantees that only they will be able to access the data stored in their cloud account; anyone else attempting to access the account will see only the encrypted versions of the files, which are unintelligible without the key. Because of the nature of the information that many businesses choose to store in the cloud, encryption is a vital part of the cloud security framework. This in turn highlights the significance of keeping encryption keys secure: if someone with malicious intentions gets hold of the encryption key, they will have full access to the information stored in your account. This is why it can be good practice to have a password protecting your account and a separate file encryption key.
Maintaining tight control of who has access
Minimising the number of people with direct access to the key is always good practice. It ensures that if the key is leaked, it is easy to pinpoint who it originated from, so that steps can be taken to apply a new key and supply it to different people for added trust. Whilst this may seem inconvenient in situations where multiple users need regular access to these files, it would perhaps be more beneficial to store such files locally anyhow, and to keep the less frequently accessed but more important files stored away securely in the cloud.
Consider secure storage arrangements on the desktop
Keeping an encryption key in plain sight in a text file on the local computer is just asking for trouble, which is why it is a good idea to consider a secure password vault application that itself encrypts the stored passwords and requires a password of its own before it can be opened. This will provide the assurance that even if malicious attackers do gain access to the local computer, they will still be unable to read the encryption key itself.
Exploring the encryption algorithm securing your data
There are a number of different encryption algorithms available that can offer varying levels of protection, so choosing a cloud host that uses a tried and tested method of encryption is the most reliable method of safeguarding your data. Encrypting not only the information stored in the cloud, but also the data that is transferred to and from it, is recommended best practice; this way, your only worry has to be the level of security in place on your local machines. This is known as ‘homomorphic encryption’ and means that the cloud server is only ever dealing with encrypted data and search queries. All data that is returned to the client computer accessing the data or performing a search is encrypted, and it is the local machine that is then responsible for decrypting this information. This increases security because the encryption key only ever needs to be entered locally and never has to be transferred over the Internet.
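The local-only key handling described above, together with the earlier advice to keep the file encryption key separate from the account password, can be sketched in Node.js as follows. This is an added example, not code from the original article: the function names, the sample passphrases, the scrypt settings and the choice of AES-256-GCM are all assumptions, since the article names no algorithm. It covers only the client side (what is encrypted before upload and decrypted after download), not searching over encrypted data.

```javascript
// Added example: the file is encrypted and decrypted on the local machine,
// so the cloud host only ever stores ciphertext and never sees the key.
const crypto = require('node:crypto');

// scrypt cost settings (assumed values for this sketch; tune to your hardware).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit file key from a passphrase kept separate from the account password.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, KDF);
}

// Encrypt locally; the returned object is the only thing that would be uploaded.
// Salt and nonce are not secret, but must be fresh for every file.
function encryptForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt locally after download; throws if the passphrase is wrong
// or the stored blob was altered while in the cloud.
function decryptAfterDownload(blob, passphrase) {
  const key = deriveKey(passphrase, blob.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.nonce);
  decipher.setAuthTag(blob.tag);
  return Buffer.concat([decipher.update(blob.ciphertext), decipher.final()]).toString('utf8');
}

// True when the passphrase opens the blob, false otherwise.
function canDecrypt(blob, passphrase) {
  try { decryptAfterDownload(blob, passphrase); return true; } catch { return false; }
}

// Constructed sample data, not taken from the article.
const blob = encryptForUpload('Q3 payroll export (constructed sample)', 'separate file passphrase');
console.log(decryptAfterDownload(blob, 'separate file passphrase'));
console.log(canDecrypt(blob, 'account login password')); // a different secret does not open it
```

Because the key is derived on the client, a stolen account password alone yields only the encrypted blob, which is the reason for keeping the two secrets separate.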
In conclusion, keeping encryption keys secure is very important to guarantee that no unauthorised individuals are able to access business-critical files. Limiting the number of colleagues with access to the key will reduce the potential for unauthorised access or leaks, whilst maintaining a secure desktop infrastructure will also be fundamental to protecting your business’s wider IT environment.