by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : May 2015
While the security of the cloud overall is a concern for users, the hybrid cloud poses particular problems because data will be used in both a private cloud, where tight security and oversight can be applied, and with the public cloud component where security is less certain. Securing data in both kinds of cloud, and when moving data between them, is a major priority. A recent survey of the 250,000- plus members of LinkedIn’s Information Security Community found a range of preferences for technologies to protect data in the cloud, including access control, intrusion detection and prevention, firewalls and log management and analysis. But, encryption—for both data at rest and in motion—was the clear winner. That said, it’s not a case of simply encrypting all data since encryption, which also means decryption at some point, adds complexity and overhead management costs. Sensitive data obviously needs to be encrypted, and that may even be required for compliance reasons, but other data that’s considered not so sensitive could be left unencrypted. The Cloud Security Alliance says a range of factors has to be understood when considering encryption: • Encryption should be implemented for data at rest, in motion, and in use. Use data-centric encryption for unstructured files that must be protected or stored in the cloud, or use encryption embedded into the file format whenever practical to apply protection directly to the files. • Don’t forget to protect files that are often overlooked but that also can hold sensitive information, such as log files and metadata. • Use “sufficiently durable encryption strengths” that comply with the same standards used for encrypting files that are internally maintained within the enterprise. The National Institute of Technology and Standards (NIST) recommends encryption that’s FIPS 140-2 compliant should be used. • Understand how all encryption/ decryption keys will be managed for the entire lifecycle of the data, and whenever possible the data owner should control the encryption keys and not the cloud provider. That ensures the owner has access to critical information both now and in the future. Agencies should not assume that simply choosing cloud providers that are certified through the Federal Risk and Authorization Management Program (FedRAMP) process will fully protect them when it comes to encryption and key management. FedRAMP refers only to a baseline of necessary security controls, so organizations should expect to have to specify key management through the service level agreements they negotiate with cloud providers. Where data is encrypted and decrypted is also important. The user encrypting data before it’s sent to the cloud provides the highest level of security since it ensures protection even if something happens to the data on the way there, or when it arrives. It also means that data, when it’s stored in the cloud, can only be decrypted by the user if the keys are always controlled by the user. However, encryption at this level is a complicated issue. Large IT departments may be capable of doing it, but smaller ones won’t have the resources, which is where managed security services will prove valuable. There are alternatives to encryption such as data anonymization, where, for example, personally identifiable or sensitive information can be stripped out of the data before it’s processed. • Sponsored Report CyberseCurity encryption is tagged for Data security For more coverage of cybersecurity issues – including hybrid cloud, identity and access management and encryption and compliance – go to GCN.com/2015sNAPsHOtCyberseCurity breaking through the security Cloud