COMMENT
ENCRYPTION:
WHOSE KEYS
ARE THEY,
ANYWAY?
The drive to cloud data in the Middle East
creates great opportunities for business
innovation and growth as several online
services are becoming virtual and moving
towards mobile applications. Thus, IT
professionals need to be prepared in order
to increase cloud workloads while ensuring
secure cloud environments, says Sebastien
Pavie, Regional Sales Director for MEA at
Gemalto, Identity and Data Protection.
O
ver the past year, encryption
has been showing up in a
number of unlikely places. It
started when Google executive chairman
Eric Schmidt proclaimed that encrypting
everything is the answer to government
surveillance.
approach and are managing the keys
for the customer. Each provides its own
advantages and disadvantages. But it
does bring up an important question
that organizations must answer: Whose
keys are they, anyway?
Apple also hopped on the encryption
train, prompting a standoff with law
enforcement. More recently, the popular
cloud storage service, Box, made
encryption a centrepiece of its strategy
to win over enterprise customers. In so
doing, they also unveiled a significant
feature, known as customer-managed
keys – allowing their customers to have
full control over the keys that play a
critical role in the encryption of their data.
Until now, key management – the
processing, management and storage
of keys for who can decrypt and access
protected information – was an oftenoverlooked, and yet critical element
of encryption. Many organisations
left that part up to their vendors or
stored them inconsistently across their
IT infrastructure in both hardware
and software. This lack of centralized
control can jeopardise the integrity of
encryption.
Other popular services, such as Salesforce.
com and AWS, have taken a different
In fact, the management of the keys
is more important than the encryption
22
INTELLIGENTCIO
www.intelligentcio.com