This blog was written by David Bull, McAfee’s former Director, Enterprise Solution Marketing.
Who has access to my online data?
What measures are being taken to protect it?
What can I do to make sure it doesn’t end up in the wrong hands?
The concerns behind these questions are rooted in our desire to maintain control over that which is valuable – a natural instinct. Placing data in the hands of cloud service providers however, puts pressure on our comfort zone and forces us to lean in favor of universal accessibility, unlimited scalability, low cost and virtually maintenance-free IT. Not such a bad deal, unless you have sensitive data to protect, and no policy around how that data interacts with the cloud. While the benefits of adopting services such as cloud storage are hard to ignore, the security and privacy of the data placed in these services does not have to remain outside of your hands – in fact, you can hold the keys.
Recent revelations in the reality of our data privacy online have brought this issue to light, but it is not a new problem. Cybercriminals have been creating malware with the intent of stealing data for years, including some variants that simply harvest the login credentials you use to access your data in the cloud. Sometimes, sensitive information can leave an organization without any spying or malware at all. Consider this scenario – you’ve adopted a cloud storage solution, such as Dropbox, and your employees are uploading documents on a daily basis and sharing links, instead of using large file attachments in their emails. This saves everyone’s inbox from a heavy hit, but you’ve got 10 different versions of your new product launch press release out there – and anyone who clicks one of the links being shared can read the document. Early one morning, one of your employees puts the wrong “Jim” on the copy line. Too bad Jim is a former employee now working for a competitor, who keeps in contact via his personal email address. We all know where that story ends.
Back to control. Who said you had to give up data privacy just because you want to use a flexible, scalable cloud storage service? Some offer encryption of your data at a premium, but once someone has login credentials, the gates are open. If your data is sensitive to your business, and you want to truly maintain control of your data in the cloud, you need to hold the keys. The encryption keys, that is.
According to a recent survey, only 31% of companies encrypt their data before sending it to the cloud.
Recently, we’ve introduced the capability to enable this level of control with our Web Protection solution. It solves the problems laid out thus far in several ways, so I’ll start from the beginning. First we start with who has access, and to what? Using single sign-on integrated with our Web Gateway, the corporate network knows who you are, and what applications you can use. Next, when you go to your cloud storage solution, you’re automatically logged in as a registered user, no username or password to remember. Now, when you go to upload any documents, media, or any other file – the Web Gateway, which is on your premises, is going to encrypt it. That means Dropbox, or anyone else peering into your traffic, can’t see the content. The encryption keys stay on-premises, in your control. When you want to download an encrypted file, the same requirements stand. Only users authenticated to your network can decrypt files, which download just as they normally would.
Jim however, can’t download them, even if he has a direct link. Say he remembered his old login – he’d still be off-network, and out of luck. With so many routes to accessing sensitive data these days, it doesn’t hurt to take back some control over your valuable information. In fact, it can save your competitive advantage. Or your market share. At the very least, your privacy concerns.