10/25/2012
06:21 PM
Dark Reading
Products and Releases

Cloud Security Alliance Guidance For Data Ownership and Control Best Practices Emphasizes Importance Of Encryption Of Data-In-Use

Guidance aligns with Vaultive’s approach of implementing three states of cloud data encryption

New York, NY – October 23, 2012 -- The Cloud Security Alliance, the global not-for-profit organization that sets best practices for cloud security, has incorporated in recently-released implementation guidance issued by the Security as a Service Working Group a set of recommendations for cloud end users to adopt encryption of data-in-use as a best practice. The guidance notes that it is critical that the customer, and not the cloud service provider, is responsible for the security and encryption protection controls necessary to meet their requirements.

In its guidance focused on email security and encryption (SecaaS Implementation Guidance - Category 4: Email Security), the CSA specifies as a best practice that organizations should adopt technologies that allow sorting and searching of encrypted text, while reducing the amount of data needing to be decrypted. Specifically, the independent organization recommends encrypting data before it goes to the cloud and maintaining segregation of duties by keeping the encryption keys in the direct control of the customer, not the cloud provider. Implementation guidance for encryption as a service (SecaaS Implementation Guidance - Category 8: Encryption) also notes that once data is safely transmitted to a cloud service provider, it should be stored, transmitted and processed in a secure way.

This CSA guidance aligns with Vaultive's capabilities for pre-cloud encryption and approach of implementing three states of cloud data encryption – encryption of data-at-rest, data-in-transit and data-in-use – as well as limiting access to the encryption keys exclusively to authorized users within the organization where the data originates, and trusted parties. Vaultive is a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services.

In line with the CSA guidance related both to cloud encryption and email security, Vaultive's advanced encryption capabilities are designed to enable cloud end users to maintain control and ownership of organizational data processed by third-party services in order to address concerns including data security, compliance, unauthorized disclosure and data residency or privacy regulations. As a result, the cloud provider never has access to customer data in its unencrypted form, and enterprise cloud data remains unreadable if an unauthorized third-party attempts access -- or even if the data is disclosed in response to a government request.

At CSA Congress 2012 held in Orlando, FL, Vaultive will be conducting a session on best practices for maintaining control and ownership of data in the cloud and the delineation of roles and responsibilities between cloud service providers and end users.

"Cloud Security Alliance Implementation Guides help organizations effectively decipher what best practices should be and set the global standard for companies seeking to utilize the cloud in a secure manner. We are very pleased that the recommendations made in the latest version of the CSA guidance mirror Vaultive's own approach to cloud data encryption," said Maayan Tal, Co-Founder and CTO of Vaultive. "Vaultive allows organizations to implement the three complete states of data encryption to ensure sensitive data is secure in the cloud at all times, just as the CSA advises."

CSA Implementation Guidance research seeks to establish a stable, secure baseline for cloud operations in order to provide a practical, actionable road map for managers wanting to adopt the cloud paradigm safely and securely. In keeping with its mission, the CSA recently released the third edition of its CSA guidance to provide greater clarity around the area of Security as a Service. The complete CSA Implementation Guidance is available now for free download.

About Vaultive

Vaultive is a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services. Vaultive's patent-pending form of 256-bit AES encryption encrypts data-at-rest, data-in-transit and data-in-use in a format that can be searched, sorted and indexed -- while enterprise IT retains control of the encryption keys. This addresses the principal business challenges of migrating data to the cloud including data security, regulatory compliance, unauthorized data disclosure and access, and international privacy/data residency regulations. Optimized for Microsoft® Office 365 and Hosted Exchange, the Vaultive platform supports best practices for the control and ownership of corporate data in the cloud. Vaultive has raised more than $10 million from leading venture capital firms .406 Ventures, New Science Partners, Harmony Partners and Security Growth Partners.

For more information, visit www.vaultive.com.
