Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

10/25/2012
06:21 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cloud Security Alliance Guidance For Data Ownership and Control Best Practices Emphasizes Importance Of Encryption Of Data-In-Us

Guidance aligns with Vaultive’s approach of implementing three states of cloud data encryption

New York, NY – October 23, 2012 -- The Cloud Security Alliance, the global not-for-profit organization that sets best practices for cloud security, has incorporated in recently-released implementation guidance issued by the Security as a Service Working Group a set of recommendations for cloud end users to adopt encryption of data-in-use as a best practice. The guidance notes that it is critical that the customer, and not the cloud service provider, is responsible for the security and encryption protection controls necessary to meet their requirements.

In its guidance focused on email security and encryption (SecaaS Implementation Guidance - Category 4: Email Security), the CSA specifies as a best practice that organizations should adopt technologies that allow sorting and searching of encrypted text, while reducing the amount of data needing to be decrypted. Specifically, the independent organization recommends encrypting data before it goes to the cloud and maintaining segregation of duties by keeping the encryption keys in the direct control of the customer, not the cloud provider. Implementation guidance for encryption as a service (SecaaS Implementation Guidance - Category 8: Encryption) also notes that once data is safely transmitted to a cloud service provider, it should be stored, transmitted and processed in a secure way.

This CSA guidance aligns with Vaultive's capabilities for pre-cloud encryption and approach of implementing three states of cloud data encryption – encryption of data-at-rest, data-in-transit and data-in-use – as well as limiting access to the encryption keys exclusively to authorized users within the organization where the data originates, and trusted parties. Vaultive is a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services.

In line with the CSA guidance related both to cloud encryption and email security, Vaultive's advanced encryption capabilities are designed to enable cloud end users to maintain control and ownership of organizational data processed by third-party services in order to address concerns including data security, compliance, unauthorized disclosure and data residency or privacy regulations. As a result, the cloud provider never has access to customer data in its unencrypted form, and enterprise cloud data remains unreadable if an unauthorized third-party attempts access -- or even if the data is disclosed in response to a government request.

At CSA Congress 2012 held in Orlando, FL, Vaultive will be conducting a session on best practices for maintaining control and ownership of data in the cloud and the delineation of roles and responsibilities between cloud service providers and end users.

"Cloud Security Alliance Implementation Guides help organizations effectively decipher what best practices should be and sets the global standard for companies seeking to utilize the cloud in a secure manner. We are very pleased that the recommendations made in latest version of the CSA guidance mirror Vaultive's own approach to cloud data encryption," said Maayan Tal, Co-Founder and CTO of Vaultive. "Vaultive allows organizations to implement the three complete states of data encryption to ensure sensitive data is secure in the cloud at all times, just as the CSA advises."

CSA Implementation Guidance research seeks to establish a stable, secure baseline for cloud operations in order to provide a practical, actionable road map for managers wanting to adopt the cloud paradigm safely and securely. In keeping with its mission, the CSA recently released third edition of its CSA guidance to provide greater clarity around the area of Security as a Service. The complete CSA Implementation Guidance is available now for free download.

About Vaultive

Vaultive is a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services. Vaultive's patent-pending form of 256-bit AES encryption encrypts data-at-rest, data-in-transit and data-in-use in a format that can be searched, sorted and indexed -- while enterprise IT retains control of the encryption keys. This addresses the principal business challenges of migrating data to the cloud including data security, regulatory compliance, unauthorized data disclosure and access, and international privacy/data residency regulations. Optimized for Microsoft® Office 365 and Hosted Exchange, the Vaultive platform supports best practices for the control and ownership of corporate data in the cloud. Vaultive has raised more than $10 million from leading venture capital firms .406 Ventures, New Science Partners, Harmony Partners and Security Growth Partners.

For more information, visit www.vaultive.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2021-20622
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2020-5626
PUBLISHED: 2021-01-28
Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 and earlier allow remote attackers to execute arbitrary OS commands via a specially crafted log file.
CVE-2021-3142
PUBLISHED: 2021-01-28
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-35128. Reason: This candidate is a reservation duplicate of CVE-2020-35128. Notes: All CVE users should reference CVE-2020-35128 instead of this candidate. All references and descriptions in this candidate have been removed to preve...