Sensitive data is moving to the cloud at an unprecedented rate and organizations are looking for ways to extend encryption policy controls to new cloud-based systems of record and systems of engagement. Across industries, the average organization uploads 13.9 TB of data to the cloud each month. While an impressive 81.8% of cloud providers encrypt data in transit via SSL or TLS, far fewer (just 9.4%) store data encrypted. According to the Ponemon Institute, the average cost of a data breach is now $3.8 million. Encrypting data at rest is an essential element in a robust cloud data security program to limit the damage of data breaches.


Aside from bolstering the security of SaaS applications, storing data encrypted has a side benefit. Numerous regional and industry-specific laws, including HIPAA-HITECH, require organizations to notify customers whose data has been compromised in a breach. However, if that data has been made indecipherable with encryption, organizations are exempt from these breach notification requirements. Since mandatory breach notifications are often followed by a wave of customer lawsuits, nullifying these requirements with encryption can significantly reduce the cost of a data breach for regulated organizations.

Encryption makes data indecipherable to anyone without access to the encryption keys, but when a cloud provider encrypts your data, administrators at the provider can view your data. The cloud provider may also be compelled by law to provide copies of your data to various governments around the world without notifying you. And in the event of a breach, a cyber criminal who has compromised the encryption keys of a cloud provider can decrypt the stolen data. Encrypting data using your own encryption keys can prevent these scenarios, but just 1.1% of cloud providers support tenant-managed encryption keys. McAfee CASB’s cloud encryption gateway can help you protect data with encryption you control.

Encrypt data with enterprise-owned keys

Protect structured and unstructured data with standards-based AES encryption, function-preserving encryption, and tokenization, ensuring compliance with HIPAA, HITECH, PCI, the EU Data Protection Directive, and data residency requirements.

Preserve application functionality

Support critical end-user functionality such as search, sort, and format by selecting from academia- and peer-reviewed encryption schemes developed in collaboration with experts in the industry.

Own your encryption keys

Integrate with any KMIP-compliant key management server, enabling you to maintain control of your keys and comply with industry regulations and security policies.

Standards-Based Encryption

Applies standards-based AES or function-preserving encryption to structured and unstructured data using enterprise-owned encryption keys.

Preserve Application Functionality

Delivers function-preserving encryption schemes that are academia- and peer-reviewed, preserving end-user functions such as search, sort, and format.


Substitutes sensitive data with randomly generated tokens to keep data on premises, satisfying data residency requirements.

Key Management Support

Provides flexible cloud or on-premises deployment options and integrates with leading key management servers supporting the KMIP protocol.
