Cloud Security Alliance guidance for data ownership
Posted on 24 October 2012.
Bookmark and Share
The Cloud Security Alliance has incorporated in recently-released implementation guidance issued by the Security as a Service Working Group a set of recommendations for cloud end users to adopt encryption of data-in-use as a best practice.

The guidance notes that it is critical that the customer, and not the cloud service provider, is responsible for the security and encryption protection controls necessary to meet their requirements.

In its guidance focused on email security and encryption (SecaaS Implementation Guidance - Category 4: Email Security), the CSA specifies as a best practice that organizations should adopt technologies that allow sorting and searching of encrypted text, while reducing the amount of data needing to be decrypted.

Specifically, the independent organization recommends encrypting data before it goes to the cloud and maintaining segregation of duties by keeping the encryption keys in the direct control of the customer, not the cloud provider.

Implementation guidance for encryption as a service (SecaaS Implementation Guidance - Category 8: Encryption) also notes that once data is safely transmitted to a cloud service provider, it should be stored, transmitted and processed in a secure way.





Spotlight

Nearly 70% of critical infrastructure providers suffered a breach

Posted on 10 July 2014.  |  Nearly 70% of companies that are responsible for the world's power, water and other critical functions have reported at least one security breach that led to the loss of confidential information or disruption of operations in the past 12 months.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Jul 11th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //