Using Strong Security Measures like Tokenization Keeps Cloud Data Safe and Legally Compliant Across Borders According to PerspecSys
TORONTO – July 31, 2013 – Revelations concerning PRISM and the NSA’s XKeyscore programs are causing many European and Asian companies to believe that using a U.S.-based cloud services provider is insecure and will allow the U.S. Government to snoop on their data. As a result, some are predicting a slow-down in cloud adoption, specifically the uptake of cloud services based in the United States. Unfortunately, the victim in this scenario is the enterprise themselves, since many of the leading and most in-demand cloud SaaS offerings are based in North America. But with the proper security solutions in place, enterprises can confidently adopt cloud services based anywhere in the world while keeping their data resident and within their full control, thereby eliminating concerns about 3rd parties accessing their sensitive corporate information.
Survey results recently released from the Cloud Security Alliance indicate that more than half of the non-U.S. residents questioned were less likely to use U.S.-based cloud services since becoming aware of the PRISM program. This sort of data has industry analyst firms such as GigaOM observing that PRISM may be a windfall for non-U.S. cloud providers. While there are some types of cloud services where the choice to move to a local provider may be fairly trivial, it becomes quite challenging at the SaaS “layer” of the cloud. Here, enterprises are adopting cloud services that go beyond simple compute-power or storage services. Instead, they are adopting mission-critical applications, such as services to run their Customer Management and Support Operations, or Sales or Human Resources functions. Clearly, having the “best” application to manage their business is critical to their success. Given PRISM and XKeyscore concerns, do they now need to eliminate a series of leading applications from their consideration just because they are based in the United States? A category of products, referred to by Gartner as Cloud Encryption Gateways, may prove to be the solution to this problem.
Cloud Data Protection Gateways
Cloud Data Protection Gateways (CDPGs) work by intercepting sensitive data while it is still on-premise, replacing the data with a random tokenized or encrypted values, rendering information meaningless should anyone outside of the company access the data while it is in route to, being processed or stored in a cloud environment. Not all CDPGs are the same, however. The PerspecSys gateway is the only gateway able to preserve cloud application functionality – even when the data is tokenized or strongly encrypted using encryption such as National Institute of Standards and Technology (NIST) listed FIPS 140-2 compliant modules from leading industry cryptographic providers. With PerspecSys, enterprises maintain ownership of encryption keys and end users have access to features and functions such as ability to sort and search data (including advanced search), send e-mails, and generate reports – even on sensitive data that has been tokenized or strongly encrypted.
“While PRISM and programs like it certainly have caused organizations based in Europe and Asia to take pause when they consider cloud-based services, including techniques such as tokenization in their cloud “blueprint” will enable them to maintain full control of their sensitive data and IP – at all times,” said David Canellos, president and CEO of PerspecSys, the leader in cloud data protection solutions for the enterprise. “C-level executives need to make the smartest choices possible when selecting the cloud services they will depend on to operate their business. If their analysis determines that the strongest solution to meet their business needs happens to be based in the U.S., then they can rely on products such as PerspecSys to confidently adopt them.”
Choosing the right method of cloud data protection is important and tokenization is proving most effective with highly regulated international organizations because sensitive information is never placed in a cloud environment. If implemented properly, cloud application functionality can also be preserved while tokenization is used to protect every field of data. PerspecSys’ “Tokenization for Cloud Data Protection” whitepaper gives a high-level overview of tokenization as a data protection technique, as well as the advantages it provides over other legacy cloud security techniques. The whitepaper also discusses the importance of adhering to PCI Data Security Council’s tokenization standards and best practices. Choosing the right vendor is also important. The “Critical Questions to Ask Cloud Protection Gateway Providers” whitepaper explains what security and IT professionals need to focus on when analyzing vendors’ marketing and solutions claims to ensure that their company’s data privacy, security and compliance needs are met.
Every country has its own complex array of data residency and privacy laws that cloud providers and their customers must obey. In the U.K. particularly, companies moving to the cloud are subject to the laws and guidelines of the European Union as well as the U.K. Data Protection Act of 1998. The “Cloud Expansion in the U.K.” whitepaper highlights the cloud computing and cloud application issues, guidelines and security regulations unique to the U.K. For all other countries, the “International Privacy Laws” whitepaper highlights key data privacy legislation from around the globe that companies – and their cloud providers – must meet.
For more whitepapers on data privacy, security and residency challenges that companies face including “Data Privacy Laws and Cloud Adoption in Australia” and “Privacy Laws and Cloud Expansion in China” please visit the PerspecSys Knowledge Center.
More information about Cloud Data Protection Gateways can be found through Gartner, including the following reports:
PerspecSys Inc. is a leading provider of cloud data protection solutions that enable mission-critical cloud applications to be adopted in enterprises and government agencies. PerspecSys removes the technical, legal and financial risks of placing sensitive company data in the cloud. PerspecSys accomplishes this for many large, heavily regulated organizations across the world by never allowing sensitive data to leave a customer’s network, while maintaining the functionality of cloud applications. Based in McLean, VA and Toronto, with offices in San Francisco and London, PerspecSys Inc. is a privately held company backed by investors that include Intel Capital, Paladin Capital Group, Ascent Venture Partners and GrowthWorks. For more information please visit www.perspecsys.com or follow on Twitter @perspecsys.