First PRISM, now XKeyscore, cloud surveillance is wake-up call for the enterprise

Extensive NSA snooping generates cloud data protection concerns


On the heels of PRISM, the disclosure of XKeyscore has inflamed fears for moving data into the cloud. Together, the surveillance programs have generated broad concerns from privacy watchdogs about the sanctity of securing personal information and calls from EU regulators for limiting data to national boundaries and suspending the long accepted notion of safe harbor.

This backlash is understandable. But does this mean that businesses should pull back, stop using the cloud, and rebuild the on-premises infrastructure they have been dismantling over the last few years? And on the providers' side, should they break the World Wide Web up into walled gardens hemmed in by national boundaries?

The recent revelations of these surveillance programs, and there will undoubtedly be more of them, reinforce that cloud information protection is the new imperative for enterprises.

"Whether we're talking about PRISM, XKeyscore or the next cyber surveillance program to be unveiled by Snowden, the takeaway for businesses all over the world is clear. It is no longer safe to leave sensitive data in the clear, naked and undefended," said Paige Leidig, senior vice president, CipherCloud. "Because the watchers are omnipotent, the only sensible way to clothe and defend data is through unbreakable encryption that scrambles information into gibberish."

XKeyscore, PRISM and whatever surveillance program leaks out next are reminders that the Internet is like a busy public street. Protecting data in the cloud requires that enterprises confront the reality of a ubiquitous surveillance environment and take proactive steps to fully defend that data from exposure.

First, Discover

Before you can protect information in the cloud, you need to know where it is and who has access to it:

Who should have access to certain information and who should not?
What content is sensitive, proprietary, or regulated and how can it be identified?
Where will this data reside in the cloud and what range of regional privacy, disclosure and other laws might apply?

Next, Protect

Encrypt - As a baseline, unbreakable encryption such as AES-256 can scramble sensitive information into undecipherable gibberish and protect it from unauthorized viewers. Installing a cloud information protection platform at the network's edge ensures that any data moving to the cloud is fully protected before it leaves the organization.
Retain Keys - Keep the keys that encrypt and decrypt information under the control of the user organization. This ensures that every request for the information must involve its owner, even when the information is stored in a third-party cloud.
Cloud Data Loss Prevention (DLP) - Customize DLP policies to scan, detect and take action to protect information according to its level of sensitivity. This provides an additional level of security and control.

Finally, Enable

Use operations-preserving encryption, which solves encryption's longstanding problem of breaking cloud application functions: it lets users search, sort and report on encrypted data in the cloud. Additionally, an open platform that supports all cloud applications and integrates third-party tools provides a stable foundation for protection.
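The following Go program is an added example, not code from the article or from CipherCloud, that puts the three Protect steps (encrypt at the edge, retain the keys, apply a DLP policy) and the Enable section's search-over-encrypted-data claim into one runnable sketch. Everything in it is an assumption made for illustration: the Gateway type, the field names, the sample policy (one US-style SSN pattern and a rule that any "notes" field is sensitive) and the records. Equality search is done with an HMAC-SHA256 blind index, which is one well-known way to query encrypted fields; the article names no particular scheme, and this block does not implement any vendor's "operations-preserving encryption".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"regexp"
)

// Gateway is a hypothetical edge component; its keys are generated and held by the organisation and never leave it.
type Gateway struct {
	gcm      cipher.AEAD // AES-256-GCM under a 32-byte data key
	indexKey []byte      // 32-byte HMAC-SHA256 key for the blind index
}

// randomBytes panics if the OS CSPRNG is unavailable, as crypto/rand itself does.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// NewGateway generates both keys locally (the "retain keys" step).
func NewGateway() *Gateway {
	block, _ := aes.NewCipher(randomBytes(32)) // a 32-byte key selects AES-256; cannot fail
	gcm, _ := cipher.NewGCM(block)             // AES's 16-byte block is always GCM-compatible
	return &Gateway{gcm: gcm, indexKey: randomBytes(32)}
}

var ssnRe = regexp.MustCompile(`^\d{3}-\d{2}-\d{4}$`) // constructed DLP policy pattern

// Classify returns the sensitivity level the policy assigns to one field value.
func Classify(field, value string) string {
	if ssnRe.MatchString(value) {
		return "regulated"
	}
	if field == "notes" {
		return "sensitive"
	}
	return "public"
}

// Seal encrypts with AES-256-GCM; the result is hex(nonce || ciphertext || tag).
func (g *Gateway) Seal(plaintext string) string {
	nonce := randomBytes(g.gcm.NonceSize()) // fresh per message, never reused
	return hex.EncodeToString(g.gcm.Seal(nonce, nonce, []byte(plaintext), nil))
}

// Open reverses Seal; the GCM tag makes any tampered ciphertext fail to open.
func (g *Gateway) Open(blob string) (string, error) {
	raw, err := hex.DecodeString(blob)
	if err != nil {
		return "", err
	}
	if n := g.gcm.NonceSize(); len(raw) >= n {
		pt, err := g.gcm.Open(nil, raw[:n], raw[n:], nil)
		return string(pt), err
	}
	return "", errors.New("ciphertext too short")
}

// BlindIndex is a keyed hash: the cloud can compare it for equality but cannot recover the value.
func (g *Gateway) BlindIndex(value string) string {
	mac := hmac.New(sha256.New, g.indexKey)
	mac.Write([]byte(value))
	return hex.EncodeToString(mac.Sum(nil))
}

type Record map[string]string

// Protect runs before upload: regulated and sensitive fields become ciphertext plus a blind index.
func (g *Gateway) Protect(rec Record) Record {
	out := Record{}
	for field, value := range rec {
		if Classify(field, value) == "public" {
			out[field] = value
			continue
		}
		out[field], out[field+"_idx"] = g.Seal(value), g.BlindIndex(value)
	}
	return out
}

// Search is an equality lookup that uses only the blind index; nothing is decrypted.
func (g *Gateway) Search(stored []Record, field, value string) []Record {
	want, hits := g.BlindIndex(value), []Record{}
	for _, r := range stored {
		if r[field+"_idx"] == want {
			hits = append(hits, r)
		}
	}
	return hits
}
```

Two design points matter when reading this against the article. First, the cloud side holds only ciphertext and blind indexes, so a data request to the provider cannot be satisfied without the organisation that holds the keys; in production those keys would live in a KMS or HSM under the organisation's control, with rotation, rather than in process memory. Second, a blind index supports exact-match lookup only, and it does reveal which stored records share a value; sorting, range queries and reporting need different constructions that leak more about the plaintext, so each operation the application keeps should be weighed against what its index discloses.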