What are some best practices for cloud encryption?

With so many companies moving data to the cloud in one way or another, encryption has become a major part of the overall effort of providing cloud security. Many of the biggest questions that companies have are around security, because there are so many risks and liabilities around cyberattacks.

One of the major components of improving cloud encryption involves talking to cloud providers and vendors. Because so much of the actual architecture is on the vendor side, many of the best practices that client companies can comply with involve talking in-depth with vendors and inspecting the vendor's security processes.

Companies should review a service-level agreement (SLA) very closely and ask for a security architecture plan from the vendor to actually see how the vendor's security works. Potential customers should discuss different types of security – security for the perimeter of the network, and segmentation or segregation inside the network, as well as endpoint security, where that is applicable.

In terms of actual encryption strategies, some guidelines can help to perfect how encryption secures data in the cloud. There is the principle of decentralization for the encryption mechanism, and the concept of multiple encryption processes, and there is the principle of good user authentication and the use of audit logs to track network events.

Another type of encryption best practice involves managing multiple encryption keys. This varies according to the architecture – for instance, key management is different for public, private and hybrid cloud setups. Customers should understand when encryption keys are held by the vendor, and when they are held by the client, and how this serves a particular type of security strategy.

By connecting with the vendors on a very detailed level, and discussing the actual nuts and bolts of cyber security architecture, companies can be better served by processes that will take their internal data and host it in the vendor’s cloud services. Some experts recommend having point people to work back channels of communication in order to capably support these cloud partnerships and make sure that security is a sufficient part of the cloud implementation process.