Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

10/25/2012
06:21 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Cloud Security Alliance Guidance For Data Ownership and Control Best Practices Emphasizes Importance Of Encryption Of Data-In-Us

Guidance aligns with Vaultive’s approach of implementing three states of cloud data encryption

New York, NY – October 23, 2012 -- The Cloud Security Alliance, the global not-for-profit organization that sets best practices for cloud security, has incorporated in recently-released implementation guidance issued by the Security as a Service Working Group a set of recommendations for cloud end users to adopt encryption of data-in-use as a best practice. The guidance notes that it is critical that the customer, and not the cloud service provider, is responsible for the security and encryption protection controls necessary to meet their requirements.

In its guidance focused on email security and encryption (SecaaS Implementation Guidance - Category 4: Email Security), the CSA specifies as a best practice that organizations should adopt technologies that allow sorting and searching of encrypted text, while reducing the amount of data needing to be decrypted. Specifically, the independent organization recommends encrypting data before it goes to the cloud and maintaining segregation of duties by keeping the encryption keys in the direct control of the customer, not the cloud provider. Implementation guidance for encryption as a service (SecaaS Implementation Guidance - Category 8: Encryption) also notes that once data is safely transmitted to a cloud service provider, it should be stored, transmitted and processed in a secure way.

This CSA guidance aligns with Vaultive's capabilities for pre-cloud encryption and approach of implementing three states of cloud data encryption – encryption of data-at-rest, data-in-transit and data-in-use – as well as limiting access to the encryption keys exclusively to authorized users within the organization where the data originates, and trusted parties. Vaultive is a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services.

In line with the CSA guidance related both to cloud encryption and email security, Vaultive's advanced encryption capabilities are designed to enable cloud end users to maintain control and ownership of organizational data processed by third-party services in order to address concerns including data security, compliance, unauthorized disclosure and data residency or privacy regulations. As a result, the cloud provider never has access to customer data in its unencrypted form, and enterprise cloud data remains unreadable if an unauthorized third-party attempts access -- or even if the data is disclosed in response to a government request.

At CSA Congress 2012 held in Orlando, FL, Vaultive will be conducting a session on best practices for maintaining control and ownership of data in the cloud and the delineation of roles and responsibilities between cloud service providers and end users.

"Cloud Security Alliance Implementation Guides help organizations effectively decipher what best practices should be and sets the global standard for companies seeking to utilize the cloud in a secure manner. We are very pleased that the recommendations made in latest version of the CSA guidance mirror Vaultive's own approach to cloud data encryption," said Maayan Tal, Co-Founder and CTO of Vaultive. "Vaultive allows organizations to implement the three complete states of data encryption to ensure sensitive data is secure in the cloud at all times, just as the CSA advises."

CSA Implementation Guidance research seeks to establish a stable, secure baseline for cloud operations in order to provide a practical, actionable road map for managers wanting to adopt the cloud paradigm safely and securely. In keeping with its mission, the CSA recently released third edition of its CSA guidance to provide greater clarity around the area of Security as a Service. The complete CSA Implementation Guidance is available now for free download.

About Vaultive

Vaultive is a provider of cloud data encryption solutions designed to maintain the control, security and compliance of data processed by cloud-based services. Vaultive's patent-pending form of 256-bit AES encryption encrypts data-at-rest, data-in-transit and data-in-use in a format that can be searched, sorted and indexed -- while enterprise IT retains control of the encryption keys. This addresses the principal business challenges of migrating data to the cloud including data security, regulatory compliance, unauthorized data disclosure and access, and international privacy/data residency regulations. Optimized for Microsoft® Office 365 and Hosted Exchange, the Vaultive platform supports best practices for the control and ownership of corporate data in the cloud. Vaultive has raised more than $10 million from leading venture capital firms .406 Ventures, New Science Partners, Harmony Partners and Security Growth Partners.

For more information, visit www.vaultive.com.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32606
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
CVE-2021-3504
PUBLISHED: 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
CVE-2021-20309
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
CVE-2021-20310
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...
CVE-2021-20311
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from t...